Details
Malware Family CyberGate
Date Added March 23, 2015, 8:29 p.m.
MD5 d3cce60e0f2b7d92ccbfc9dc1bd7ad0f
Sha256 74d50133adfc79842c7001bb40dcd163caf60bc81526c53cae92382c2dbe8670
Config Sections
MeltFile                TRUE
InstallFlag             TRUE
CampaignID              remote
FTPPassword             +
FTPDirectory            ./logs/
Mutex                   YK20FUN60281BS
GoogleChromePasswords   NoLongerStored
InstallDir              install
FTPPort                 21
KeyLoggerEnableFTP      FALSE
EnableMessageBox        FALSE
P2PSpread
Password                cybergate
FTPUserName             ftp_user
ActivateKeylogger       TRUE
FTPAddress              ftp.server.com
RegKeyHKLM
MessageBoxButton        0
StartupPolicies         Policies
FTPInterval             30
InstallMessageTitle     CyberGate
MessageBoxIcon          16
Domain                  pegnose.no-ip.biz,
ActiveXStartup          {GDDAQ16U-6UYK-86E7-781I-16725C767038}
InstallMessageBox       RemoteAdministrationanywhereintheworld.
ChangeCreationDate      FALSE
CyberGateVersion
Persistance             FALSE
InstallFileName         server.exe
RegKeyHKCU
KeyloggerBackspace      TRUE
HideFile                FALSE
USBSpread               1000
Port                    81,
VirusTotal

43 out of 47 AVs identified the sample as malicious

Virus Total Report

Domain Data
Domain              IP                 Country Code
pegnose.no-ip.biz   000.000.000.000
Yara Rules