Details
Malware Family CyberGate
Date Added May 16, 2017, 6:25 a.m.
MD5 db429ed59841c2812c46a5afbbba84ee
Sha256 2f153aaad82682aa4062bc27424856e97caa1a9ccea6b3b111a79b43600347fd
Config Sections
MeltFile FALSE
InstallFlag TRUE
CampaignID MINECR
FTPPassword +
FTPDirectory ./logs/
Mutex ***MUTEX***
InstallDir %appdata%
FTPPort 21
EnableMessageBox FALSE
Password 123
FTPUserName ftp_user
ActivateKeylogger TRUE
FTPAddress ftp.server.com
REGKeyHKLM Update
MessageBoxButton 0
StartupPolicies Policies
FTPInterval 30
InstallMessageTitle ttulo da mensagem
KeyloggerEnableFTP FALSE
MessageBoxIcon 16
Domain tenebrosotcs.duckdns.org,
ActiveXStartup {74X13FDW-VY1X-M4VL-85L7-1F6NRF170PJ6}
InstallMessageBox texto da mensagem
ChangeCreationDate TRUE
CyberGateVersion
Persistance TRUE
InstallFileName winlogon.exe
REGKeyHKCU Update
KeyloggerBackspace TRUE
HideFile FALSE
USBSpread FALSE
Port 82,
VirusTotal

This hash does not exist in VirusTotal.

Domain Data
Domain IP Country Code
tenebrosotcs.duckdns.org 141.255.145.161 NL