Details
Malware Family CyberGate
Date Added July 17, 2017, 6:25 a.m.
MD5 f275231f82d5c121ccdc09f1db6fc946
Sha256 f29a1549de2e4c2c760fa0903f89927c7ff5f337e307b5a562ef6c0e3363835f
Config Sections
Key                  Value
MeltFile             TRUE
InstallFlag          TRUE
CampaignID           Hacker KoGaMa
FTPPassword          +
FTPDirectory         ./logs/
Mutex                ***MUTEX***
InstallDir           install
FTPPort              21
EnableMessageBox     TRUE
Password             123
FTPUserName          ftp_user
ActivateKeylogger    TRUE
FTPAddress           ftp.server.com
REGKeyHKLM           Microsoft
MessageBoxButton     0
StartupPolicies      Windows
FTPInterval          30
InstallMessageTitle  Microsoft 40639
KeyloggerEnableFTP   FALSE
MessageBoxIcon       16
Domain               fuckyoulammer.duckdns.org,
ActiveXStartup       {6PN3284S-67SG-LB6P-4MPR-WD1J470E8424}
InstallMessageBox    Computer Not Updated!
ChangeCreationDate   TRUE
CyberGateVersion
Persistance          TRUE
InstallFileName      explorer.exe
REGKeyHKCU           Windows UFNK
KeyloggerBackspace   TRUE
HideFile             TRUE
USBSpread            FALSE
Port                 1177,
VirusTotal
60 of 63 AV engines identified the sample as malicious (VirusTotal report).
Domain Data
Domain                     IP               Country Code
fuckyoulammer.duckdns.org  141.255.145.213  NL
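The config dump and domain table above are what an extractor hands you; a responder needs the actionable subset, plus a warning about the values that are not. The Python below is an added example, not code from this page or from any CyberGate tooling: it parses the key/value listing (re-entered here as a constant), splits the comma-terminated Domain and Port lists, derives the dropped file name and the startup-related values, drops the FTP credentials as irrelevant because KeyloggerEnableFTP is FALSE, flags values that look like unchanged builder placeholders, and checks whether the ActiveXStartup CLSID is even a well-formed hex GUID (here it is not, which is itself a usable hunt artifact). All helper names are this example's own. That ***MUTEX***, ftp.server.com, ftp_user and ./logs/ are builder defaults, and that REGKeyHKLM/REGKeyHKCU name Run values and ActiveXStartup an Active Setup component, are assumptions to confirm in a sandbox run, not facts stated on the page.

```python
"""Turn a CyberGate config dump into a short list of actionable indicators.

Added example; not part of the original page or of any CyberGate tooling.
CONFIG_DUMP is the listing from the page, re-entered as a constant.
"""
from __future__ import annotations

import json
import re

# Constructed from the page's Config Sections table (key, space, value).
CONFIG_DUMP = """\
MeltFile TRUE
InstallFlag TRUE
CampaignID Hacker KoGaMa
FTPPassword +
FTPDirectory ./logs/
Mutex ***MUTEX***
InstallDir install
FTPPort 21
EnableMessageBox TRUE
Password 123
FTPUserName ftp_user
ActivateKeylogger TRUE
FTPAddress ftp.server.com
REGKeyHKLM Microsoft
MessageBoxButton 0
StartupPolicies Windows
FTPInterval 30
InstallMessageTitle Microsoft 40639
KeyloggerEnableFTP FALSE
MessageBoxIcon 16
Domain fuckyoulammer.duckdns.org,
ActiveXStartup {6PN3284S-67SG-LB6P-4MPR-WD1J470E8424}
InstallMessageBox Computer Not Updated!
ChangeCreationDate TRUE
CyberGateVersion
Persistance TRUE
InstallFileName explorer.exe
REGKeyHKCU Windows UFNK
KeyloggerBackspace TRUE
HideFile TRUE
USBSpread FALSE
Port 1177,
"""

# Assumption: these look like values the builder ships with. If they survive
# unchanged they identify the family, not this operator, so they are weak IoCs.
BUILDER_PLACEHOLDERS = {"***MUTEX***", "ftp.server.com", "ftp_user", "./logs/"}

# Registry-style GUID: {8-4-4-4-12} hex digits. A CLSID that fails this is odd
# enough to hunt for on its own.
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_config(text: str) -> dict[str, str]:
    """One 'Key value' pair per line; a key with no value maps to ''."""
    cfg: dict[str, str] = {}
    for line in text.splitlines():
        if line.strip():
            key, _, value = line.partition(" ")
            cfg[key] = value.strip()
    return cfg


def split_list(value: str) -> list[str]:
    """CyberGate stores lists as 'a,b,' with a trailing comma; drop empties."""
    return [item.strip() for item in value.split(",") if item.strip()]


def is_hex_guid(value: str) -> bool:
    return GUID_RE.fullmatch(value) is not None


def extract_iocs(cfg: dict[str, str]) -> dict:
    flag = lambda k: cfg.get(k, "").upper() == "TRUE"  # noqa: E731
    # FTP settings only matter if keylog exfil over FTP is actually enabled.
    ftp_exfil = None
    if flag("KeyloggerEnableFTP"):
        ftp_exfil = {
            "host": cfg.get("FTPAddress", ""),
            "port": int(cfg.get("FTPPort") or 21),
            "user": cfg.get("FTPUserName", ""),
            "directory": cfg.get("FTPDirectory", ""),
        }
    return {
        "c2_hosts": split_list(cfg.get("Domain", "")),
        "c2_ports": [int(p) for p in split_list(cfg.get("Port", ""))],
        "mutex": cfg.get("Mutex", ""),
        # Folder name plus file name; the base directory is decided at runtime.
        "dropped_file": f"{cfg.get('InstallDir', '')}\\{cfg.get('InstallFileName', '')}",
        # Assumption: Run value names and an Active Setup component CLSID.
        "run_value_names": {"HKLM": cfg.get("REGKeyHKLM", ""), "HKCU": cfg.get("REGKeyHKCU", "")},
        "active_setup_clsid": cfg.get("ActiveXStartup", ""),
        "clsid_is_valid_guid": is_hex_guid(cfg.get("ActiveXStartup", "")),
        "keylogger": flag("ActivateKeylogger"),
        "persistence": flag("Persistance"),
        "ftp_exfil": ftp_exfil,
        "low_fidelity": sorted(v for v in cfg.values() if v in BUILDER_PLACEHOLDERS),
    }


def summarize(text: str = CONFIG_DUMP) -> dict:
    return extract_iocs(parse_config(text))


if __name__ == "__main__":
    print(json.dumps(summarize(), indent=2))
```

Two caveats fall out of the output. The FTP host, user and password never leave the config because FTP exfil is disabled, so blocking ftp.server.com would be noise. And the resolved IP in the Domain Data table is a point-in-time answer for a duckdns.org dynamic-DNS name; alert on the hostname and the port, and treat 141.255.145.213 as dated.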