Details
Malware Family CyberGate
Date Added Feb. 7, 2016, 10:12 p.m.
MD5 bfa1e22c9f3c8863b5832cf64e0937f0
Sha256 45cae64577eb09ee16e3ad3a8e665b53dbf12fd908b0387d73801f882e3fe2ce
Config Sections
MeltFile FALSE
InstallFlag TRUE
CampaignID vtima
FTPPassword +
FTPDirectory ./logs/
Mutex ***MUTEX***
InstallDir install
FTPPort 21
EnableMessageBox TRUE
Password abcd1234
FTPUserName ftp_user
InstallFileName server.exe
FTPAddress ftp.server.com
REGKeyHKLM System32
MessageBoxButton 0
StartupPolicies Policies
FTPInterval 30
InstallMessageTitle OBRIGADO POR USAR NOSSO PROGRAMA HACKER
KeyloggerEnableFTP FALSE
MessageBoxIcon 64
Domain hackermuaway26591.no-ip.org,hackermuaway26591.no-ip.org,
ActiveXStartup {VFOMB6JT-157A-T36E-P5H2-7Y87A1440L1S}
InstallMessageBox Seja feliz!!! USE COM MODERAO!!!!!
ChangeCreationDate TRUE
CyberGateVersion
Persistance TRUE
ActivateKeylogger TRUE
REGKeyHKCU System
KeyloggerBackspace FALSE
HideFile TRUE
USBSpread FALSE
Port 4000,5000,
VirusTotal

46 out of 51 AV engines identified the sample as malicious.

Domain Data
Domain IP Country Code
hackermuaway26591.no-ip.org 204.95.99.109 US
Yara Rules