Details
Malware Family: CyberGate
Date Added: March 23, 2015, 8:29 p.m.
MD5: c5bb297f1aff4fa4ad000b0f53397514
SHA256: dcd88a626d7590ff242484ff3ecdcdd55a967eb8dc67f43e900014820891259b
Config Sections
MeltFile: FALSE
InstallFlag: TRUE
CampaignID: arfan
FTPPassword: +
FTPDirectory: ./logs/
Mutex: T0R6A2N4E3040J
GoogleChromePasswords: NoLongerStored
InstallDir: Microsoft
FTPPort: 21
KeyLoggerEnableFTP: FALSE
EnableMessageBox: FALSE
P2PSpread:
Password: 123456
FTPUserName: ftp_user
ActivateKeylogger: TRUE
FTPAddress: ftp.server.com
RegKeyHKLM: HKLM
MessageBoxButton: 0
StartupPolicies: Policies
FTPInterval: 30
InstallMessageTitle: eirorr!!!!!!!!!!!!!!!!!!!!
MessageBoxIcon: 16
Domain: dkarfan.no-ip.org,
ActiveXStartup: {Y0LRG3A3-6XQR-FWHP-5PY4-72L844745NS0}
InstallMessageBox: filemiseeing
ChangeCreationDate: FALSE
CyberGateVersion:
Persistance: TRUE
InstallFileName: Microsoft.exe
RegKeyHKCU: HKCU
KeyloggerBackspace: TRUE
HideFile: FALSE
USBSpread: 1000
Port: 1025,
VirusTotal

48 out of 54 AVs identified the sample as malicious.

Virus Total Report

Domain Data
Domain: dkarfan.no-ip.org
IP: 000.000.000.000
Country Code: (not recorded)