Details
Malware Family CyberGate
Date Added June 27, 2017, 6:25 a.m.
MD5 aa0a0427033f9d137c49cfa986319fbf
SHA256 df89703a9ddf2b34ce4e8a1bac71057e99b22b2c86cd7097d80dfff2b231b450
Config Sections
MeltFile FALSE
InstallFlag TRUE
CampaignID Lammer
FTPPassword senha123
FTPDirectory ./logs/
Mutex svchost
InstallDir Chrome
FTPPort 21
EnableMessageBox TRUE
Password 123
FTPUserName u287681427
ActivateKeylogger TRUE
FTPAddress ftp.avastui.esy.es
REGKeyHKLM OneDrive
MessageBoxButton 0
StartupPolicies OneDrive
FTPInterval 60
InstallMessageTitle Microsoft .NET Framework 3.5 Setup
KeyloggerEnableFTP TRUE
MessageBoxIcon 16
Domain avastsecurity.myftp.org,avastsecurity.sytes.net,avastsecurity.sytes.net,avastsecurity.sytes.net,127.0.0.1,
ActiveXStartup {4CS81R32-HD54-1U67-1C81-WIEKVQ3GS2TX}
InstallMessageBox You must use the Role Management Tool to install or configure Microsoft .NET Framework 3.5.
ChangeCreationDate TRUE
CyberGateVersion
Persistance TRUE
InstallFileName Google Update.exe
REGKeyHKCU OneDrive
KeyloggerBackspace TRUE
HideFile TRUE
USBSpread TRUE
Port 81,81,82,83,81,
VirusTotal

This hash does not exist in VirusTotal.

Domain Data
Domain IP Country Code
avastsecurity.myftp.org 186.214.153.73 BR
avastsecurity.sytes.net 186.214.153.73 BR
avastsecurity.sytes.net 186.214.153.73 BR
avastsecurity.sytes.net 186.214.153.73 BR
127.0.0.1 0
Yara Rules