Details
Malware Family CyberGate
Date Added Aug. 5, 2015, 12:52 a.m.
MD5 cd35adee0af4eb4298d31a285241f0ea
Sha256 0f2793f1756d4e3109afbf395321d78b50437b27aa2b214e0bf5e7242ebdc198
Config Sections
MeltFile FALSE
InstallFlag FALSE
CampaignID remote
FTPPassword +
FTPDirectory ./logs/
Mutex ***MUTEX***
InstallDir install
FTPPort 21
EnableMessageBox FALSE
Password 123456
FTPUserName ftp_user
ActivateKeylogger TRUE
FTPAddress ftp.server.com
REGKeyHKLM
MessageBoxButton 0
StartupPolicies Policies
FTPInterval 30
InstallMessageTitle ttulo da mensagem
KeyloggerEnableFTP FALSE
MessageBoxIcon 16
Domain mania.zapto.org,
ActiveXStartup {08B0E5JF-4FCB-11CF-AAA5-00401C6XX500}
InstallMessageBox texto da mensagem
ChangeCreationDate FALSE
CyberGateVersion
Persistance TRUE
InstallFileName server.exe
REGKeyHKCU
KeyloggerBackspace TRUE
HideFile FALSE
USBSpread FALSE
Port 1986,
VirusTotal

49 out of 55 AVs identified the sample as malicious

Virus Total Report

Domain Data
Domain IP Country Code
mania.zapto.org 190.43.174.89 PE
Geo Location
Yara Rules