Details
Malware Family CyberGate
Date Added Feb. 7, 2016, 10:12 p.m.
MD5 bebcf9f88e6fdbc84d05657038cad00c
SHA256 b7738af73cb0d21355233c7a555be1193a62c0ce127baced160ba97156795c3a
Config Sections
MeltFile FALSE
InstallFlag TRUE
CampaignID vtima
FTPPassword +
FTPDirectory ./logs/
Mutex ***MUTEX***
InstallDir install
FTPPort 21
EnableMessageBox TRUE
Password abcd1234
FTPUserName ftp_user
InstallFileName server.exe
FTPAddress ftp.server.com
REGKeyHKLM HKLM
MessageBoxButton 0
StartupPolicies Policies
FTPInterval 30
InstallMessageTitle ttulo da mensagem
KeyloggerEnableFTP FALSE
MessageBoxIcon 16
Domain hamaitaly.no-ip.org,
ActiveXStartup {FP53P0OL-483Y-3V74-EFE2-5G011H16PR21}
InstallMessageBox texto da mensagem
ChangeCreationDate TRUE
CyberGateVersion
Persistance TRUE
ActivateKeylogger TRUE
REGKeyHKCU HKCU
KeyloggerBackspace TRUE
HideFile TRUE
USBSpread TRUE
Port 288,
VirusTotal

42 out of 46 AVs identified the sample as malicious

Virus Total Report

Domain Data
Domain IP Country Code
hamaitaly.no-ip.org 0
Geo Location
Yara Rules