Collection of Upatre Samples (alpha version)

Config File for 0b777ee0fe345c58a2e2f5ea4945cae0

md5: 0b777ee0fe345c58a2e2f5ea4945cae0
source: virusshare
link: download.4n6?sample=db16b786e9fd9665b3e722a2501acac324b5a4804b87a5af51c3f00b026b50dc
malware_name: rianesad.exe
temp_file: (empty)
scandate: 2015-08-10 09:08:36
parsed: 2015-09-14 15:57:30
decrypt_keys: 7446059c
check_keys: (empty)
c2_server: 93.93.194.202
baseport: 9587
useragent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.34 (KHTML, like Gecko) Chrome/43.0.2457.82 Safari/537.34
payload_format: sim
old: 0
clientip: icanhazip.com
nr_targets: 16
nr_delivery_sites: 15
nr_delivery_sites_online: 3
nr_payloads: 1
ksa
dec
pdir
mia
delivered payloads:
1. 14de44b98cd7f69f234536a260128b62
   downloaded: 2015-09-14 15:57:30
   scanned (on VT): 2015-07-01 07:45:47
   positives: 36 / 56
   detected as:
     MicroWorld-eScan: Trojan.GenericKD.2511058
     McAfee: RDN/Generic.dx!d2k
     Malwarebytes: Spyware.Dyre
     VIPRE: Trojan.Win32.Generic!BT
     K7GW: Trojan ( 004c6bff1 )
     K7AntiVirus: Trojan ( 004c6bff1 )
     NANO-Antivirus: Trojan.Win32.Dyre.dtecyd
     Symantec: Trojan.Gen
     ESET-NOD32: Win32/Battdil.Y
     Avast: Win32:Malware-gen
     GData: Trojan.GenericKD.2511058
     Kaspersky: Trojan-Banker.Win32.Dyre.ro
     BitDefender: Trojan.GenericKD.2511058
     ViRobot: Trojan.Win32.Agent.560640.D[h]
     Tencent: Win32.Trojan.Inject.Auto
     Ad-Aware: Trojan.GenericKD.2511058
     Emsisoft: Trojan.GenericKD.2511058 (B)
     F-Secure: Trojan.GenericKD.2511058
     DrWeb: Trojan.DownLoader14.1443
     TrendMicro: TROJ_GEN.R000C0CG115
     McAfee-GW-Edition: RDN/Generic.dx!d2k
     Sophos: Mal/Generic-S
     Avira: TR/Crypt.ZPACK.41784
     Antiy-AVL: Trojan[Banker]/Win32.Dyre
     Arcabit: Trojan.Generic.D2650D2
     AhnLab-V3: Trojan/Win32.Necurs
     Microsoft: Trojan:Win32/Bulta!rfn
     ALYac: Trojan.GenericKD.2511058
     AVware: Trojan.Win32.Generic!BT
     Baidu-International: Trojan.Win32.Banker.ro
     Rising: PE:Trojan.Win32.Generic.18C9F3A1!415888289
     Ikarus: Trojan.Win32.Battdil
     Fortinet: W32/Dyre.RO!tr
     AVG: Ransomer.JFE
     Panda: Trj/CI.A
     Qihoo-360: HEUR/QVM07.1.Malware.Gen
   not detected by: Bkav, nProtect, CAT-QuickHeal, SUPERAntiSpyware, TheHacker, Alibaba, F-Prot, TrendMicro-HouseCall, ClamAV, Agnitum, ByteHero, Comodo, Zillya, Cyren, Jiangmin, Kingsoft, AegisLab, TotalDefense, VBA32, Zoner

delivery sites:
1. https://173.248.29.43/miatdoc.dat
2. https://109.86.226.85/miatdoc.dat
3. https://24.220.92.193/miatdoc.dat
4. https://176.36.251.208/miatdoc.dat
5. https://188.255.165.154/miatdoc.dat
6. https://173.216.240.56/miatdoc.dat
7. https://68.190.246.142/miatdoc.dat
8. https://188.255.169.176/miatdoc.dat
9. https://75.137.112.81/miatdoc.dat
10. https://69.163.81.211/miatdoc.dat
11. https://216.254.231.11/miatdoc.dat (delivered 14de44b98cd7f69f234536a260128b62)
12. https://24.33.131.116/miatdoc.dat (delivered 14de44b98cd7f69f234536a260128b62)
13. https://104.174.123.66/miatdoc.dat
14. https://72.230.82.80/miatdoc.dat (delivered 14de44b98cd7f69f234536a260128b62)
15. https://64.203.121.6/miatdoc.dat
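The indicators in this config (C2 address and base port, the hard-coded User-Agent, the external-IP service and the 15 delivery sites) are enough for a detection pass over web-proxy logs. The script below is an added example and is not part of this collection or its parser: the indicator values are copied from the config above, the proxy log format and the log lines are constructed for the example, and the `delivery_pattern` rule deliberately generalises beyond the listed IPs by flagging any HTTPS fetch of `/miatdoc.dat` from a bare-IP host, which all 15 listed sites have in common. One observation worth encoding: genuine Chrome 43 builds report AppleWebKit/537.36, so the 537.34 in this sample's User-Agent is not a browser's own value and an exact string match is a fairly specific indicator on its own.

```python
"""Match the Upatre indicators from this page against constructed proxy log lines.

Added example, not the collection's own code. Indicator values come from the
config above; the log format and sample lines are constructed for the example.
"""
import re
from ipaddress import ip_address
from urllib.parse import urlsplit

# --- Indicators copied from the config on this page --------------------------
C2_SERVER = ("93.93.194.202", 9587)
USER_AGENT = ("Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.34 (KHTML, like Gecko) "
              "Chrome/43.0.2457.82 Safari/537.34")
CLIENTIP_SERVICE = "icanhazip.com"
DELIVERY_SITES = [
    "https://173.248.29.43/miatdoc.dat", "https://109.86.226.85/miatdoc.dat",
    "https://24.220.92.193/miatdoc.dat", "https://176.36.251.208/miatdoc.dat",
    "https://188.255.165.154/miatdoc.dat", "https://173.216.240.56/miatdoc.dat",
    "https://68.190.246.142/miatdoc.dat", "https://188.255.169.176/miatdoc.dat",
    "https://75.137.112.81/miatdoc.dat", "https://69.163.81.211/miatdoc.dat",
    "https://216.254.231.11/miatdoc.dat", "https://24.33.131.116/miatdoc.dat",
    "https://104.174.123.66/miatdoc.dat", "https://72.230.82.80/miatdoc.dat",
    "https://64.203.121.6/miatdoc.dat",
]
DELIVERY_HOSTS = {urlsplit(u).hostname for u in DELIVERY_SITES}
DELIVERY_PATH = "/miatdoc.dat"  # every listed site serves the same path

# Constructed proxy log format (an assumption for this example, not a real product's):
#   <timestamp> <client_ip> <dest_host>:<dest_port> <method> <url> <status> "<user-agent>"
LOG_RE = re.compile(r'^(\S+) (\S+) (\S+):(\d+) (\S+) (\S+) (\d+) "([^"]*)"$')


def _is_bare_ip(host):
    """True when the host part of the request is a literal IP address, not a name."""
    try:
        ip_address(host)
        return True
    except ValueError:
        return False


def classify(line):
    """Return a list of (rule, detail) hits for one proxy log line, or [] if clean."""
    m = LOG_RE.match(line.strip())
    if not m:
        return [("unparsed", line.strip())]
    _ts, _src, dst_host, dst_port, _method, url, _status, ua = m.groups()
    dst_port = int(dst_port)
    hits = []
    # 1. Beacon to the hard-coded C2 address on its base port.
    if (dst_host, dst_port) == C2_SERVER:
        hits.append(("c2_beacon", f"{dst_host}:{dst_port}"))
    # 2. Payload fetch from one of the listed delivery sites (exact host match).
    if dst_host in DELIVERY_HOSTS:
        hits.append(("delivery_site", dst_host))
    # 3. Same download pattern on an unlisted host: HTTPS to a bare IP for /miatdoc.dat.
    #    This generalises beyond the 15 IPs on the page, so treat it as a weaker signal.
    elif urlsplit(url).path == DELIVERY_PATH and _is_bare_ip(dst_host) and dst_port == 443:
        hits.append(("delivery_pattern", url))
    # 4. The hard-coded User-Agent. Real Chrome 43 reports AppleWebKit/537.36; the
    #    sample's 537.34 is not a genuine build string, so an exact match is specific.
    if ua == USER_AGENT:
        hits.append(("hardcoded_ua", ua))
    # 5. External-IP lookup. Plenty of legitimate tools do this: informational only.
    if dst_host == CLIENTIP_SERVICE:
        hits.append(("external_ip_check", dst_host))
    return hits


def scan(lines):
    """Map 1-based line numbers to their hits, omitting clean lines."""
    return {n: h for n, h in ((i, classify(l)) for i, l in enumerate(lines, 1)) if h}


# Constructed sample log (not from the page); 203.0.113.9 is a TEST-NET address.
REAL_CHROME_UA = ("Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) "
                  "Chrome/43.0.2457.82 Safari/537.36")
SAMPLE_LOG = [
    f'2015-08-10T09:10:01Z 10.0.0.5 icanhazip.com:80 GET http://icanhazip.com/ 200 "{USER_AGENT}"',
    f'2015-08-10T09:10:02Z 10.0.0.5 216.254.231.11:443 GET https://216.254.231.11/miatdoc.dat 200 "{USER_AGENT}"',
    f'2015-08-10T09:10:03Z 10.0.0.5 93.93.194.202:9587 CONNECT 93.93.194.202:9587 200 "{USER_AGENT}"',
    f'2015-08-10T09:10:04Z 10.0.0.5 203.0.113.9:443 GET https://203.0.113.9/miatdoc.dat 404 "{USER_AGENT}"',
    f'2015-08-10T09:11:00Z 10.0.0.7 www.example.com:443 GET https://www.example.com/ 200 "{REAL_CHROME_UA}"',
]

if __name__ == "__main__":
    for n, hits in sorted(scan(SAMPLE_LOG).items()):
        print(n, hits)
```

The ordering of the rules matters for triage: a `c2_beacon` or `delivery_site` hit is a confirmed indicator from this config, `delivery_pattern` is a heuristic that will need a look at the response, and `external_ip_check` on its own should not page anyone. The fifth sample line, a normal Chrome 43 request with the genuine 537.36 WebKit string, produces no hits at all.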