Details
Malware Family CyberGate
Date Added April 14, 2016, 6:52 a.m.
MD5 b5afa97ffbfdce17c6f618d4ad871e19
Sha256 12407f68aec920d5a8759b08bd0326470eb2aa9bca3a57ea53c9238f45fecaa7
Config Sections
MeltFile FALSE
InstallFlag TRUE
CampaignID vtima
FTPPassword +
FTPDirectory ./logs/
Mutex ***MUTEX***
InstallDir install
FTPPort 21
EnableMessageBox TRUE
Password abcd1234
FTPUserName ftp_user
ActivateKeylogger TRUE
FTPAddress ftp.server.com
REGKeyHKLM HKLM
MessageBoxButton 0
StartupPolicies Policies
FTPInterval 30
InstallMessageTitle
KeyloggerEnableFTP FALSE
MessageBoxIcon 16
Domain 127.0.0.1,
ActiveXStartup {JS5H4I30-Y1QX-8DL8-A080-XX4368V20LJI}
InstallMessageBox
ChangeCreationDate FALSE
CyberGateVersion
Persistance TRUE
InstallFileName explorer.exe
REGKeyHKCU HKCU
KeyloggerBackspace TRUE
HideFile TRUE
USBSpread FALSE
Port 81,
VirusTotal

51 out of 57 AVs identified the sample as malicious

Virus Total Report

Domain Data
Domain IP Country Code
127.0.0.1 0
Geo Location
Yara Rules