Details
Malware Family CyberGate
Date Added May 25, 2016, 3 a.m.
MD5 a1095fb1abae157968c928f0a46cc6ac
Sha256 8bc6e1f005c647544ec8b379e8aa4d0f61e4430140cceb158131435741dfcf3c
Config Sections
MeltFile FALSE
InstallFlag TRUE
CampaignID vtima
FTPPassword +
FTPDirectory ./logs/
Mutex ***MUTEX***
InstallDir explorer
FTPPort 21
EnableMessageBox FALSE
Password abcd1234
FTPUserName ftp_user
ActivateKeylogger TRUE
FTPAddress ftp.server.com
REGKeyHKLM HKLM
MessageBoxButton 0
StartupPolicies Policies
FTPInterval 30
InstallMessageTitle ttulo da mensagem
KeyloggerEnableFTP FALSE
MessageBoxIcon 16
Domain k0style.no-ip.biz,
ActiveXStartup {PJGYMOO8-6684-44NM-8565-7002877V3745}
InstallMessageBox texto da mensagem
ChangeCreationDate TRUE
CyberGateVersion
Persistance TRUE
InstallFileName explorer.exe
REGKeyHKCU HKCU
KeyloggerBackspace TRUE
HideFile TRUE
USBSpread TRUE
Port 81,
VirusTotal

This hash does not exist in VirusTotal.

Domain Data
Domain IP Country Code
k0style.no-ip.biz 0
Geo Location
Yara Rules