Details
Malware Family CyberGate
Date Added Jan. 26, 2016, 3 a.m.
MD5 ce3474d8e33a897b0d14471f3d9fbb2a
Sha256 0b0126c8f33099ed9a38537f93d728742589f083fd6a61f793a8886caa1bcc6a
Config Sections
MeltFile FALSE
InstallFlag TRUE
CampaignID vtima
FTPPassword +
FTPDirectory ./logs/
Mutex ***MUTEX***
InstallDir microsoft
FTPPort 21
EnableMessageBox FALSE
Password 12345
FTPUserName ftp_user
ActivateKeylogger TRUE
FTPAddress ftp.server.com
REGKeyHKLM
MessageBoxButton 0
StartupPolicies Policies
FTPInterval 30
InstallMessageTitle ttulo da mensagem
KeyloggerEnableFTP FALSE
MessageBoxIcon 16
Domain 127.0.0.1,
ActiveXStartup {D2GRTMDG-16TY-27L1-WA0X-5R3L5M32WE15}
InstallMessageBox texto da mensagem
ChangeCreationDate FALSE
CyberGateVersion
Persistance TRUE
InstallFileName microsoft.exe
REGKeyHKCU
KeyloggerBackspace TRUE
HideFile TRUE
USBSpread TRUE
Port 81,
VirusTotal

46 out of 54 AVs identified the sample as malicious

Virus Total Report

Domain Data
Domain IP Country Code
127.0.0.1 0
Geo Location
Yara Rules