Details
Malware Family CyberGate
Date Added May 25, 2016, 3 a.m.
MD5 cd83fd0b0f8e296637d18abfc68c0c92
Sha256 2e935a59eb86532cd0f9f490140574245843bfd6d738fafbf956f2df1698355c
Config Sections
MeltFile TRUE
InstallFlag TRUE
CampaignID Server
FTPPassword +
FTPDirectory ./logs/
Mutex ***MUTEX***
InstallDir spynet
FTPPort 21
EnableMessageBox FALSE
Password abcd1234
FTPUserName ftp_user
ActivateKeylogger TRUE
FTPAddress ftp.server.com
REGKeyHKLM HKLM
MessageBoxButton 0
StartupPolicies Policies
FTPInterval 30
InstallMessageTitle ttulo da mensagem
KeyloggerEnableFTP FALSE
MessageBoxIcon 16
Domain MD3SHM.NO-IP.ORG,
ActiveXStartup {61N068YM-MXV5-5880-OQ07-CL4U01BR7555}
InstallMessageBox texto da mensagem
ChangeCreationDate TRUE
CyberGateVersion
Persistance TRUE
InstallFileName gs.exe
REGKeyHKCU HKCU
KeyloggerBackspace TRUE
HideFile TRUE
USBSpread FALSE
Port 82,
VirusTotal

This hash does not exist in VirusTotal.

Domain Data
Domain IP Country Code
MD3SHM.NO-IP.ORG 0
Geo Location
Yara Rules