Details
Malware Family CyberGate
Date Added Nov. 7, 2015, 4:48 p.m.
MD5 a3c6ba436883539d41683caaf42e5b00
Sha256 dd41dcbd3946a8261c45d3cd2aa0428a35bd4ca29bd5349c0bf5973d6a8f26b7
Config Sections
MeltFile FALSE
InstallFlag TRUE
CampaignID Kobaia
FTPPassword +
FTPDirectory ./logs/
Mutex asdfdfdfs
InstallDir install
FTPPort 21
EnableMessageBox FALSE
Password 123
FTPUserName ftp_user
InstallFileName firewall.exe
FTPAddress ftp.server.com
REGKeyHKLM Firewall Do Windows
MessageBoxButton 0
StartupPolicies
FTPInterval 30
InstallMessageTitle ttulo da mensagem
KeyloggerEnableFTP FALSE
MessageBoxIcon 16
Domain njrathocks.ddns.net,
ActiveXStartup {CERJ401D-J33W-VKXE-76C1-631258KAKMOT}
InstallMessageBox texto da mensagem
ChangeCreationDate TRUE
CyberGateVersion
Persistance TRUE
ActivateKeylogger TRUE
REGKeyHKCU Java Update
KeyloggerBackspace FALSE
HideFile TRUE
USBSpread FALSE
Port 84,
VirusTotal

45 out of 57 AVs identified the sample as malicious

Virus Total Report

Domain Data
Domain IP Country Code
njrathocks.ddns.net 0
Geo Location
Yara Rules