Details
Malware Family CyberGate
Date Added Aug. 1, 2018, 6:25 a.m.
MD5 a8a2438214ace1544791b2b473eb6a48
Sha256 f15f34cc75316687d0ec5477548d91e58eefa0581c2c64d11d112ef9694fade6
Config Sections
MeltFile FALSE
InstallFlag TRUE
CampaignID Black Squad
FTPPassword
FTPDirectory ./
Mutex xservicex
InstallDir Microsoft
FTPPort
EnableMessageBox FALSE
Password 123
FTPUserName
ActivateKeylogger TRUE
FTPAddress
REGKeyHKLM Google Chrome
MessageBoxButton 0
StartupPolicies
FTPInterval 30
InstallMessageTitle LAMMER
KeyloggerEnableFTP FALSE
MessageBoxIcon 16
Domain etiphgkl9hj.duckdns.org,etiphgkl9hj.duckdns.org,etiphgkl9hj.duckdns.org,etiphgkl9hj.duckdns.org,
ActiveXStartup {1W3Q55EN-XVP4-0AEC-FJO7-557F7GH3N228}
InstallMessageBox VOCÊ FOI HACKEADO ...SEU SISTEMA SERÁ FORMATADO. (Portuguese: "YOU HAVE BEEN HACKED ... YOUR SYSTEM WILL BE FORMATTED."; note EnableMessageBox is FALSE, so this text is never displayed)
ChangeCreationDate TRUE
CyberGateVersion
Persistance TRUE
InstallFileName Chrome.exe
REGKeyHKCU Google Chrome
KeyloggerBackspace TRUE
HideFile FALSE
USBSpread 1000
Port 83,2000,4444,888,
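The config block above is a flat "Key value" dump, which is convenient to read but not to hunt with. The following is an added example, not code from this page or from any CyberGate tooling: it parses that dump, splits the comma-separated multi-value fields (Domain and Port carry a trailing comma, and the same host is listed four times), and turns the result into host and network indicators. The interpretation of REGKeyHKLM/REGKeyHKCU as Run-key value names, of ActiveXStartup as an Active Setup CLSID, and of InstallDir\InstallFileName as the dropped binary path are assumptions about the RAT's behaviour, as is the short dynamic-DNS suffix list; they are marked in the code.

```python
# Added example: turn a CyberGate config dump into hunting indicators.
# Field semantics marked "Assumption" are not stated on the page.

# Constructed input: the Config Sections block from this page, copied verbatim.
CONFIG_DUMP = """\
MeltFile FALSE
InstallFlag TRUE
CampaignID Black Squad
FTPPassword
FTPDirectory ./
Mutex xservicex
InstallDir Microsoft
FTPPort
EnableMessageBox FALSE
Password 123
FTPUserName
ActivateKeylogger TRUE
FTPAddress
REGKeyHKLM Google Chrome
MessageBoxButton 0
StartupPolicies
FTPInterval 30
InstallMessageTitle LAMMER
KeyloggerEnableFTP FALSE
MessageBoxIcon 16
Domain etiphgkl9hj.duckdns.org,etiphgkl9hj.duckdns.org,etiphgkl9hj.duckdns.org,etiphgkl9hj.duckdns.org,
ActiveXStartup {1W3Q55EN-XVP4-0AEC-FJO7-557F7GH3N228}
InstallMessageBox VOCÊ FOI HACKEADO ...SEU SISTEMA SERÁ FORMATADO.
ChangeCreationDate TRUE
CyberGateVersion
Persistance TRUE
InstallFileName Chrome.exe
REGKeyHKCU Google Chrome
KeyloggerBackspace TRUE
HideFile FALSE
USBSpread 1000
Port 83,2000,4444,888,
"""

# Assumption: a small list of dynamic-DNS providers worth flagging; only
# duckdns.org appears on this page, the others are well-known No-IP domains.
DDNS_SUFFIXES = ("duckdns.org", "no-ip.org", "ddns.net", "hopto.org")
RUN_KEY = r"Software\Microsoft\Windows\CurrentVersion\Run"


def parse_config(text: str) -> dict[str, str]:
    """Each line is 'Key value'; a key with no value maps to ''."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        key, _, value = line.partition(" ")
        cfg[key] = value.strip()
    return cfg


def _split_list(raw: str) -> list[str]:
    """Multi-value fields are comma-separated with a trailing comma."""
    return [item for item in (p.strip() for p in raw.split(",")) if item]


def _dedupe(items) -> list:
    seen, out = set(), []
    for item in items:
        if item not in seen:
            seen.add(item)
            out.append(item)
    return out


def c2_endpoints(cfg: dict[str, str]) -> dict:
    """Unique C2 hosts and ports, plus which hosts use dynamic DNS."""
    hosts = _dedupe(_split_list(cfg.get("Domain", "")))
    ports = _dedupe(int(p) for p in _split_list(cfg.get("Port", "")))
    ddns = [h for h in hosts
            if any(h.lower().endswith("." + s) for s in DDNS_SUFFIXES)]
    return {"hosts": hosts, "ports": ports, "dynamic_dns": ddns}


def host_indicators(cfg: dict[str, str]) -> dict:
    """Artifacts to look for on an endpoint, gated on the config flags."""
    ind = {"mutex": cfg.get("Mutex", "")}
    if cfg.get("InstallFlag") == "TRUE":
        # Assumption: InstallDir is a folder name and InstallFileName the
        # dropped binary inside it (the parent directory is not in the config).
        ind["dropped_file"] = f"{cfg['InstallDir']}\\{cfg['InstallFileName']}"
    if cfg.get("Persistance") == "TRUE":
        # Assumption: REGKeyHKLM/REGKeyHKCU are Run-key value names and
        # ActiveXStartup is the CLSID of an Active Setup component.
        ind["run_key_values"] = [
            f"{hive}\\{RUN_KEY}\\{cfg[k]}"
            for hive, k in (("HKLM", "REGKeyHKLM"), ("HKCU", "REGKeyHKCU"))
            if cfg.get(k)]
        ind["active_setup_clsid"] = cfg.get("ActiveXStartup", "")
    ind["keylogger"] = cfg.get("ActivateKeylogger") == "TRUE"
    # FTP exfil needs both the flag and a configured server; here neither is set.
    ind["keylog_exfil_ftp"] = (cfg.get("KeyloggerEnableFTP") == "TRUE"
                               and bool(cfg.get("FTPAddress")))
    ind["shows_message_box"] = cfg.get("EnableMessageBox") == "TRUE"
    return ind


if __name__ == "__main__":
    parsed = parse_config(CONFIG_DUMP)
    print(c2_endpoints(parsed))
    print(host_indicators(parsed))
```

Because FTPAddress is empty and KeyloggerEnableFTP is FALSE, the keystroke log is not shipped over FTP; it is retrieved over the C2 channel, so the hunting value of this config is the duckdns host, the four ports, the mutex and the two "Google Chrome" Run-key values rather than any FTP traffic.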
VirusTotal
59 out of 66 AV engines identified the sample as malicious (see the VirusTotal report for this SHA256).
Domain Data
Domain IP Country Code
etiphgkl9hj.duckdns.org 141.255.144.80 NL
(The four Domain entries in the config are the same host; it resolved to a single IP.)