Details
Malware Family CyberGate
Date Added May 25, 2016, 3 a.m.
MD5 89c82e42a3a41b9a1a388fde96c40e8d
Sha256 9ddcf30c1755b1de55008833dd8add6bfa01facd136dfe4c28b1b92c7eec5fa9
Config Sections
MeltFile TRUE
InstallFlag TRUE
CampaignID vtima
FTPPassword +
FTPDirectory ./logs/
Mutex ***MUTEX***
InstallDir install
FTPPort 21
EnableMessageBox FALSE
Password abcd1234
FTPUserName ftp_user
ActivateKeylogger TRUE
FTPAddress ftp.server.com
REGKeyHKLM
MessageBoxButton 0
StartupPolicies Policies
FTPInterval 30
InstallMessageTitle ttulo da mensagem
KeyloggerEnableFTP FALSE
MessageBoxIcon 16
Domain remik3.no-ip.org,
ActiveXStartup {08B0E5JF-4FCB-11CF-AAA5-00401C6XX500}
InstallMessageBox texto da mensagem
ChangeCreationDate FALSE
CyberGateVersion
Persistance FALSE
InstallFileName server.exe
REGKeyHKCU
KeyloggerBackspace TRUE
HideFile FALSE
USBSpread FALSE
Port 81,
VirusTotal

This hash does not exist in virustotal

Domain Data
Domain IP Country Code
remik3.no-ip.org 204.95.99.26 US
Geo Location
Yara Rules