Details
Malware Family CyberGate
Date Added Jan. 21, 2016, 3 a.m.
MD5 8f8eb21b386b1677d4fcbb4d5d7d4606
Sha256 ba71267e6ed5342dfaf9e6ca7dbcd704db0e044b2c587b9774ac0c8fea2204cd
Config Sections
MeltFile FALSE
InstallFlag TRUE
CampaignID Lammer
FTPPassword
FTPDirectory ./
Mutex Pluguin
InstallDir Microsoft
FTPPort
EnableMessageBox FALSE
Password 123
FTPUserName
ActivateKeylogger TRUE
FTPAddress
REGKeyHKLM Avgnt
MessageBoxButton 0
StartupPolicies
FTPInterval 30
InstallMessageTitle LAMMER
KeyloggerEnableFTP FALSE
MessageBoxIcon 16
Domain cachorrosujo.ddns.net,cachorrosujo.ddns.net,
ActiveXStartup {P27OG7DC-RT57-GQ28-V508-774G2L77KA51}
InstallMessageBox VOC FOI HACKEADO ...SEU SISTEMA SER FORMATADO.
ChangeCreationDate FALSE
CyberGateVersion
Persistance TRUE
InstallFileName explorer.exe
REGKeyHKCU Avirnt
KeyloggerBackspace FALSE
HideFile FALSE
USBSpread 1000
Port 8080,8181,
VirusTotal

48 out of 54 AVs identified the sample as malicious


Domain Data
Domain IP Country Code
cachorrosujo.ddns.net 0
cachorrosujo.ddns.net 0
Yara Rules