Details
Malware Family CyberGate
Date Added May 25, 2016, 3 a.m.
MD5 fdd28de2f8336aee6a77951ee8192ab8
Sha256 a45218c98d885c1169ad9e125e218207aa56f2016dc5e0965886e338a59b25e2
Config Sections
MeltFile TRUE
InstallFlag TRUE
CampaignID vtima
FTPPassword +
FTPDirectory ./logs/
Mutex ***MUTEX***
InstallDir install
FTPPort 21
EnableMessageBox FALSE
Password abcd1234
FTPUserName ftp_user
ActivateKeylogger TRUE
FTPAddress ftp.server.com
REGKeyHKLM
MessageBoxButton 0
StartupPolicies Policies
FTPInterval 30
InstallMessageTitle ttulo da mensagem
KeyloggerEnableFTP FALSE
MessageBoxIcon 16
Domain 127.0.0.1,
ActiveXStartup {LBREJ0FX-30DF-5L77-6353-N12W44YS16HE}
InstallMessageBox texto da mensagem
ChangeCreationDate FALSE
CyberGateVersion
Persistance FALSE
InstallFileName server.exe
REGKeyHKCU
KeyloggerBackspace TRUE
HideFile FALSE
USBSpread FALSE
Port 82,
VirusTotal

This hash does not exist in VirusTotal.

Domain Data
Domain IP Country Code
127.0.0.1 0
Geo Location
Yara Rules