Collection of Upatre Samples (alpha version)

Config File for 1ba2342d3ffc74627d3f9acc5df2cd1c

md5: 1ba2342d3ffc74627d3f9acc5df2cd1c
source: malwr
link: https://malwr.com/analysis/MTI4MDJkYTI0ODRiNDZhYWI1MTFkOGQ4YzJjN2RmZjA/
malware_name: oraclevisio.exe
temp_file: VisioLog.tmp
scandate: 2015-06-02 02:27:30
parsed: 2015-06-29 19:54:45
decrypt_keys: 71a588f1
check_keys: 4e1a87a9
c2_server: 93.185.4.90
baseport: 9587
useragent: Mozilla/5.0 (Windows NT 6.1; rv:34.0) Gecko/20100101 Firefox/34.0
payload_format: reg
old: 0
clientip: icanhazip.com
nr_targets: 16
nr_delivery_sites: 15
nr_delivery_sites_online: 9
nr_payloads: 1
ksa: dec2
pdir: KTA12
delivered payloads:
1. b3269d23c821ad39d617c1c3e3917dba
downloaded: 2015-06-29 19:54:45
scanned (on VT): 2015-06-29 12:14:40
positives: 30 / 56
detected as:
MicroWorld-eScan: Gen:Trojan.Heur.MuW@IHIzk!ni
Malwarebytes: Spyware.Dyre
Zillya: Downloader.Upatre.Win32.35920
F-Prot: W32/Dropper.gen8!Maximus
ESET-NOD32: Win32/TrojanDropper.Sikutan.B
TrendMicro-HouseCall: TSPY_DYRE.UK
Avast: Win64:Evo-gen [Susp]
GData: Gen:Trojan.Heur.MuW@IHIzk!ni
Kaspersky: Trojan-Downloader.Win32.Upatre.aiaj
BitDefender: Gen:Trojan.Heur.MuW@IHIzk!ni
NANO-Antivirus: Trojan.Win32.DownLoader13.dscirg
ViRobot: Trojan.Win32.Upatre.541696[h]
Ad-Aware: Gen:Trojan.Heur.MuW@IHIzk!ni
Emsisoft: Gen:Trojan.Heur.MuW@IHIzk!ni (B)
Comodo: TrojWare.Win32.PWS.Dyzap.MY
F-Secure: Gen:Trojan.Heur.MuW@IHIzk!ni
DrWeb: DLOADER.Trojan
VIPRE: BehavesLike.Win32.Malware.bsf (vs)
TrendMicro: TSPY_DYRE.UK
Sophos: Troj/Agent-ANFY
Cyren: W64/Trojan.NRSO-8006
Jiangmin: TrojanDownloader.Upatre.afjh
Avira: W32/Etap
Antiy-AVL: Trojan[Downloader]/Win32.Upatre
Arcabit: Trojan.Heur.E661B4
Microsoft: TrojanDropper:Win32/Evotob.C
AVware: BehavesLike.Win32.Malware.bsf (vs)
Ikarus: Trojan.Inject
AVG: Ransomer.IGN.dropper
Panda: Trj/Genetic.gen
not detected by: Bkav, nProtect, CAT-QuickHeal, McAfee, K7AntiVirus, Alibaba, K7GW, TheHacker, Agnitum, Symantec, ClamAV, AegisLab, ByteHero, Tencent, McAfee-GW-Edition, Kingsoft, SUPERAntiSpyware, AhnLab-V3, TotalDefense, ALYac, VBA32, Baidu-International, Zoner, Rising, Fortinet, Qihoo-360
delivery sites: