Details
Malware Family CyberGate
Date Added March 23, 2015, 8:29 p.m.
MD5 fab1780165d34ab1c001779a66fdc720
Sha256 5c38d7db7b1bfab6a7d36fda278382fe7941423c395dc4d23008b54b6affd425
Config Sections
MeltFile FALSE
InstallFlag TRUE
CampaignID remote
FTPPassword +
FTPDirectory ./logs/
Mutex 3AJ82JBF10H0W0
GoogleChromePasswords NoLongerStored
InstallDir msn
FTPPort 21
KeyLoggerEnableFTP FALSE
EnableMessageBox FALSE
P2PSpread
Password 123456789
FTPUserName ftp_user
ActivateKeylogger TRUE
FTPAddress ftp.server.com
RegKeyHKLM msn
MessageBoxButton 0
StartupPolicies msn
FTPInterval 30
InstallMessageTitle CyberGate
MessageBoxIcon 16
Domain lepra.zapto.org,
ActiveXStartup {DB87D4AF-5M7G-81N7-XD67-61DX5FO4KTH4}
InstallMessageBox RemoteAdministrationanywhereintheworld.
ChangeCreationDate FALSE
CyberGateVersion
Persistance TRUE
InstallFileName msn.exe
RegKeyHKCU msn
KeyloggerBackspace TRUE
HideFile FALSE
USBSpread 1000
Port 606,
VirusTotal

43 out of 54 AVs identified the sample as malicious

Virus Total Report

Domain Data
Domain IP Country Code
lepra.zapto.org 0.0.0.0
Geo Location
Yara Rules