Details
Malware Family CyberGate
Date Added Nov. 7, 2015, 8:37 p.m.
MD5 998a9af964085b4a4e7fe86b7f9062a0
Sha256 843fce8a46cf248b1595de36fad6aeb6411d4a5db5fbb111c151adcc530d3c42
Config Sections
MeltFile FALSE
InstallFlag TRUE
CampaignID sara
FTPPassword +
FTPDirectory ./logs/
Mutex ***MUTEX***
InstallDir
FTPPort 21
EnableMessageBox FALSE
Password sara
FTPUserName ftp_user
InstallFileName Win_Xp.exe
FTPAddress ftp.server.com
REGKeyHKLM HKLM
MessageBoxButton 0
StartupPolicies Policies
FTPInterval 30
InstallMessageTitle Error
KeyloggerEnableFTP FALSE
MessageBoxIcon 16
Domain iwantyou.no-ip.org,
ActiveXStartup {218A3Q1V-M05N-O32L-4AM8-MA0JEIMDL4ML}
InstallMessageBox Please try again later.
ChangeCreationDate TRUE
CyberGateVersion
Persistance TRUE
ActivateKeylogger TRUE
REGKeyHKCU HKCU
KeyloggerBackspace TRUE
HideFile TRUE
USBSpread TRUE
Port 1177,
VirusTotal

50 out of 52 AVs identified the sample as malicious

Virus Total Report

Domain Data
Domain IP Country Code
iwantyou.no-ip.org 0
Geo Location
Yara Rules