Details
Malware Family CyberGate
Date Added April 14, 2016, 6:52 a.m.
MD5 b2e9916be5a63c1c0e96ab6c5fba31e5
Sha256 2b393c16f30e88801333fdef107582ae891f9b05e520a92664b30c53a52b9ce2
Config Sections
MeltFile FALSE
InstallFlag TRUE
CampaignID vtima BOTS
FTPPassword +
FTPDirectory ./logs/
Mutex ***MUTEX***
InstallDir install
FTPPort 21
EnableMessageBox FALSE
Password 123
FTPUserName ftp_user
ActivateKeylogger TRUE
FTPAddress ftp.server.com
REGKeyHKLM
MessageBoxButton 0
StartupPolicies Policies
FTPInterval 30
InstallMessageTitle ttulo da mensagem
KeyloggerEnableFTP FALSE
MessageBoxIcon 16
Domain vicketious123.no-ip.org,
ActiveXStartup {WWS33XL8-YCKM-TA6G-LLPG-SN6WWY72UYAK}
InstallMessageBox texto da mensagem
ChangeCreationDate TRUE
CyberGateVersion
Persistance TRUE
InstallFileName system32.exe
REGKeyHKCU
KeyloggerBackspace TRUE
HideFile TRUE
USBSpread FALSE
Port 25565,
VirusTotal

51 out of 57 AVs identified the sample as malicious

Virus Total Report

Domain Data
Domain IP Country Code
vicketious123.no-ip.org 189.4.38.120 BR
Yara Rules