Details
Malware Family CyberGate
Date Added March 23, 2015, 8:29 p.m.
MD5 a36c8d48bbc6b9a3b589b2c53ece7280
Sha256 04f6b2b7f84e24226ee1b661728139940556008299c023b3d40fd393f03f474b
Config Sections
MeltFile TRUE
InstallFlag TRUE
CampaignID zxcvbnm
FTPPassword +
FTPDirectory ./logs/
Mutex 4B36531LOFB8EY
GoogleChromePasswords NoLongerStored
InstallDir install
FTPPort 21
KeyLoggerEnableFTP FALSE
EnableMessageBox FALSE
P2PSpread
Password zxcvbnm
FTPUserName ftp_user
ActivateKeylogger TRUE
FTPAddress ftp.server.com
RegKeyHKLM
MessageBoxButton 0
StartupPolicies Policies
FTPInterval 30
InstallMessageTitle CyberGate
MessageBoxIcon 16
Domain 192.168.0.2,
ActiveXStartup {QJH5CGI0-KW32-SF44-W8ER-HRI274Y42P2U}
InstallMessageBox RemoteAdministrationanywhereintheworld.
ChangeCreationDate FALSE
CyberGateVersion
Persistance FALSE
InstallFileName server.exe
RegKeyHKCU
KeyloggerBackspace TRUE
HideFile FALSE
USBSpread 1000
Port 999,
VirusTotal

39 out of 43 AVs identified the sample as malicious

VirusTotal Report

Domain Data
Domain IP Country Code
Geo Location
Yara Rules