Details
Malware Family CyberGate
Date Added April 5, 2017, 6:25 a.m.
MD5 cb6d6620b1c1f31474c881422563ee36
Sha256 efda02aa87b9047f81ef53f01586a54b144daf1417b4b8746217aff3eff4b18b
Config Sections
MeltFile FALSE
InstallFlag TRUE
CampaignID Crossfire
FTPPassword +
FTPDirectory ./logs/
Mutex ***MUTEX***
InstallDir Install DiR
FTPPort 21
EnableMessageBox FALSE
Password 123456789
FTPUserName ftp_user
ActivateKeylogger TRUE
FTPAddress ftp.server.com
REGKeyHKLM Java
MessageBoxButton 0
StartupPolicies Google Update
FTPInterval 30
InstallMessageTitle ttulo da mensagem
KeyloggerEnableFTP FALSE
MessageBoxIcon 16
Domain saviolasnaiik.duckdns.org,
ActiveXStartup {4K0D453H-0R2K-87N7-R27U-0JQI04G26JD5}
InstallMessageBox texto da mensagem
ChangeCreationDate TRUE
CyberGateVersion
Persistance TRUE
InstallFileName svchost.exe
REGKeyHKCU Explorer
KeyloggerBackspace TRUE
HideFile TRUE
USBSpread FALSE
Port 9000,
VirusTotal

This hash does not exist in VirusTotal

Domain Data
Domain IP Country Code
saviolasnaiik.duckdns.org 177.99.77.76 BR
Geo Location
Yara Rules