Details
FileName
Malware Family CyberGate
Date Added 2015-11-07 14:35:48
MD5 9366855dc179cd99e94c18696e9625d6
Sha256 d09ea936aa1f0c6c8f4a877adadb4d61681239e8925d0d5c28f84635292e7fad
Config Data
FTPPassword +
CampaignID remote
Password cybergate
USBSpread 1000
FTPDirectory ./logs/
FTPAddress ftp.server.com
InstallDir svchost.exe
Persistance TRUE
InstallMessageTitle CyberGate
KeyloggerBackspace TRUE
HideFile TRUE
Mutex 8W555Q2F7Q82M0
Domain 37.24.146.196,
FTPPort 21
REGKeyHKCU HKCU
MessageBoxIcon 16
Port 80,
CyberGateVersion
StartupPolicies Policies
REGKeyHKLM HKLM
FTPUserName ftp_user
ChangeCreationDate TRUE
MeltFile TRUE
InstallFileName server.exe
KeyloggerEnableFTP FALSE
FTPInterval 30
InstallMessageBox Remote Administration anywhere in the world.
InstallFlag TRUE
ActiveXStartup {L0O0A30M-1267-U476-F855-DN6LKI04DU35}
EnableMessageBox FALSE
ActivateKeylogger TRUE
MessageBoxButton 0
Virustotal

39 out of 46 AV Engines identified the sample as Malicious.
