Details
Malware Family CyberGate
Date Added May 25, 2016, 3 a.m.
MD5 fb1a2063721967b165e1d9aef0adbc4c
Sha256 6e51748a56e22781efed4f907601f60e1eb4e2d0ade21e7b70ae4ab3ddb596ae
Config Sections
MeltFile FALSE
InstallFlag TRUE
CampaignID ISI
FTPPassword +
FTPDirectory ./logs/
Mutex ***MUTEX***
InstallDir taskmanager
FTPPort 21
EnableMessageBox FALSE
Password azerty
FTPUserName ftp_user
ActivateKeylogger TRUE
FTPAddress ftp.server.com
REGKeyHKLM HKLM
MessageBoxButton 0
StartupPolicies Policies
FTPInterval 30
InstallMessageTitle ttulo da mensagem
KeyloggerEnableFTP FALSE
MessageBoxIcon 16
Domain warrior88.no-ip.biz,
ActiveXStartup {51BAL2XN-3QNC-25W6-1D68-2Y1K2G1AAP3W}
InstallMessageBox texto da mensagem
ChangeCreationDate TRUE
CyberGateVersion
Persistance TRUE
InstallFileName task.exe
REGKeyHKCU HKCU
KeyloggerBackspace FALSE
HideFile TRUE
USBSpread TRUE
Port 90,
VirusTotal

This hash does not exist in VirusTotal.

Domain Data
Domain IP Country Code
warrior88.no-ip.biz 204.95.99.82 US
Geo Location
Yara Rules