Details
Malware Family CyberGate
Date Added Oct. 3, 2015, 12:18 a.m.
MD5 de2eb30932f1be677482e2ef7beab480
Sha256 17e71457e93523436fad799ecd0a38e6c4fa296bce574d51147d16d6f9c8bbc9
Config Sections
MeltFile FALSE
InstallFlag TRUE
CampaignID vtima
FTPPassword +
FTPDirectory ./logs/
Mutex ***MUTEX***
InstallDir System32
FTPPort 21
EnableMessageBox FALSE
Password 123456
FTPUserName ftp_user
ActivateKeylogger TRUE
FTPAddress ftp.server.com
REGKeyHKLM System
MessageBoxButton 0
StartupPolicies System
FTPInterval 30
InstallMessageTitle ttulo da mensagem
KeyloggerEnableFTP FALSE
MessageBoxIcon 16
Domain gameshacking2015.ddns.net,gameshacking2015.ddns.net,
ActiveXStartup {8267DWD3-5J8U-V5BN-1R7E-04QG8G41VG6F}
InstallMessageBox texto da mensagem
ChangeCreationDate TRUE
CyberGateVersion
Persistance TRUE
InstallFileName javaupdate.exe
REGKeyHKCU System
KeyloggerBackspace TRUE
HideFile FALSE
USBSpread FALSE
Port 8090,5567,
VirusTotal

49 out of 57 AVs identified the sample as malicious

Virus Total Report

Domain Data
Domain IP Country Code
gameshacking2015.ddns.net 0.0.0.0 0
gameshacking2015.ddns.net 0.0.0.0 0
0.0.0.0 0
Geo Location
Yara Rules