Details
Malware Family CyberGate
Date Added Nov. 7, 2015, 5:27 p.m.
MD5 a4647d9da691c69fe936998c074694c3
Sha256 30dbce17a0df218b85d69dcef23f9f29b8f1c1122175044de3a4ff73be7862e8
Config Sections
MeltFile FALSE
InstallFlag TRUE
CampaignID vtima
FTPPassword +
FTPDirectory ./logs/
Mutex ***MUTEX***
InstallDir config64
FTPPort 21
EnableMessageBox FALSE
Password abcd1234
FTPUserName ftp_user
InstallFileName sys.exe
FTPAddress ftp.server.com
REGKeyHKLM HKLM
MessageBoxButton 0
StartupPolicies Policies
FTPInterval 30
InstallMessageTitle ttulo da mensagem
KeyloggerEnableFTP FALSE
MessageBoxIcon 16
Domain 127.0.0.1,
ActiveXStartup {ST6TC73O-0LCM-J273-C66L-5GQ8B46NWPW1}
InstallMessageBox texto da mensagem
ChangeCreationDate TRUE
CyberGateVersion
Persistance TRUE
ActivateKeylogger TRUE
REGKeyHKCU HKCU
KeyloggerBackspace TRUE
HideFile TRUE
USBSpread FALSE
Port 288,
VirusTotal

48 out of 51 AVs identified the sample as malicious


Domain Data
Domain IP Country Code
127.0.0.1 0