Details
Malware Family: CyberGate
Date Added: Dec. 25, 2017, 6:25 a.m.
MD5: ff35edacb8c847e85a6494e7858ecada
SHA256: 7e9db42cbb73a7cd3ed50d55344647764d3605246872eff6934d9c434c1993d2
Config Sections
MeltFile: TRUE
InstallFlag: TRUE
CampaignID: Hack
FTPPassword: colomiers
FTPDirectory: ./logs/
Mutex: A188f6FWU
InstallDir: conhost
FTPPort: 21
EnableMessageBox: FALSE
Password: abcd1234
FTPUserName: ctc
ActivateKeylogger: TRUE
FTPAddress: 217.167.157.135
REGKeyHKLM: conhost
MessageBoxButton: 0
StartupPolicies: conhost
FTPInterval: 30
InstallMessageTitle: ttulo da mensagem
KeyloggerEnableFTP: FALSE
MessageBoxIcon: 16
Domain: vs1.redirectme.net,
ActiveXStartup: {QMEAJQA8-V0L4-T22O-X75T-42WM8N871D81}
InstallMessageBox: texto da mensagem
ChangeCreationDate: FALSE
CyberGateVersion:
Persistance: TRUE
InstallFileName: conhost.exe
REGKeyHKCU: conhost
KeyloggerBackspace: TRUE
HideFile: TRUE
USBSpread: FALSE
Port: 5353,
VirusTotal
63 out of 66 AV engines identified the sample as malicious (see the VirusTotal report for this SHA256).

Domain Data
Domain: vs1.redirectme.net | IP: 78.43.102.99 | Country Code: DE
Yara Rules