Details
Malware Family CyberGate
Date Added March 3, 2018, 6:25 a.m.
MD5 e1f27b5d0dcd53480a93c2b0e4109b30
Sha256 910bf39abc780b06a7c2115cdb7b2ff762d7769b546a3cb518e49b065511c888
Config Sections
MeltFile FALSE
InstallFlag TRUE
CampaignID Server
FTPPassword +
FTPDirectory ./logs/
Mutex ***MUTEX***
InstallDir windows
FTPPort 21
EnableMessageBox FALSE
Password abcd1234
FTPUserName ftp_user
ActivateKeylogger TRUE
FTPAddress ftp.server.com
REGKeyHKLM HKLM
MessageBoxButton 0
StartupPolicies Policies
FTPInterval 30
InstallMessageTitle ttulo da mensagem
KeyloggerEnableFTP FALSE
MessageBoxIcon 48
Domain zueirasemlimites.duckdns.org,
ActiveXStartup {10E0OBO6-5UX8-70E2-LT0B-TB0NQ1340IX4}
InstallMessageBox
ChangeCreationDate TRUE
CyberGateVersion
Persistance TRUE
InstallFileName windows.exe
REGKeyHKCU HKCU
KeyloggerBackspace FALSE
HideFile TRUE
USBSpread TRUE
Port 2019,
VirusTotal

59 out of 67 AVs identified the sample as malicious

Virus Total Report

Domain Data
Domain IP Country Code
zueirasemlimites.duckdns.org 187.15.10.72 BR