Collection of Upatre Samples (alpha version)

Config File for 2a22f8d2d2c682f66cab39376c7cb8c1

md5: 2a22f8d2d2c682f66cab39376c7cb8c1
source: malwr
link: https://malwr.com/analysis/ZGQ2MDVkMGI5OTIzNDZlOThjOWM4YzgyZjdmNmE3ZjY/
malware_name: loduace.exe
temp_file: Lod59D2.tmp
scandate: 2015-06-04 22:46:16
parsed: 2015-06-24 09:58:34
decrypt_keys: 1c6b5537
check_keys: 1ce5060f
c2_server: 188.120.194.101
baseport: 13920
useragent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/536.36 (KHTML, like Gecko) Chrome/42.0.2357.81 Safari/536.36
payload_format: reg
old: 0
clientip: icanhazip.com
nr_targets: 16
nr_delivery_sites: 15
nr_delivery_sites_online: 8
nr_payloads: 1
ksa: rol
pdir: sika2
delivered payloads:

1. md5: 625177f5fdc2ecfaa1ae123f8c7c995c
downloaded: 2015-07-26 08:26:12
scanned (on VT): 2015-07-06 07:52:51
positives: 42 / 56

detected as:
MicroWorld-eScan: Gen:Variant.Dyzap.16
nProtect: Trojan-Spy/W32.Banker.515584.Q
McAfee: RDN/Generic Downloader.x!nu
Malwarebytes: Spyware.Dyre
Zillya: Trojan.Dyre.Win32.133
K7AntiVirus: Trojan ( 004c523f1 )
K7GW: Trojan ( 004c523f1 )
NANO-Antivirus: Trojan.Win32.ZPACK.dsnzgt
F-Prot: W32/Dropper.gen8!Maximus
Symantec: WS.Reputation.1
ESET-NOD32: Win32/TrojanDropper.Sikutan.C
TrendMicro-HouseCall: TROJ_UPATRE.KJO
Avast: Win64:Malware-gen
GData: Gen:Variant.Dyzap.16
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Dyzap.16
ViRobot: Trojan.Win32.Upatre.515584[h]
Tencent: Win32.Trojan-banker.Dyre.Html
Ad-Aware: Gen:Variant.Dyzap.16
Emsisoft: Gen:Variant.Dyzap.16 (B)
Comodo: TrojWare.Win32.PWS.Dyzap.MY
F-Secure: Gen:Variant.Dyzap.16
DrWeb: DLOADER.Trojan
VIPRE: BehavesLike.Win32.Malware.bsf (vs)
TrendMicro: TROJ_UPATRE.KJO
McAfee-GW-Edition: BehavesLike.Win32.Dropper.hc
Sophos: Troj/UACMe-A
Cyren: W64/Trojan.NIFD-6070
Avira: W32/Etap
Arcabit: Trojan.Dyzap.16
AhnLab-V3: Trojan/Win32.Battdil
Microsoft: Trojan:Win32/Bagsu!rfn
ByteHero: Virus.Win32.Part.c
ALYac: Gen:Variant.Dyzap.16
AVware: BehavesLike.Win32.Malware.bsf (vs)
VBA32: suspected of Trojan.Downloader.gen.h
Baidu-International: Trojan.Win32.Banker.nm
Ikarus: Trojan-Dropper.Win32.Sikutan
Fortinet: W32/Sikutan.A!tr
AVG: Generic_r.FEN
Panda: Trj/Genetic.gen
Qihoo-360: Win32/Trojan.c2d
not detected by:
Bkav, TotalDefense, CAT-QuickHeal, Alibaba, TheHacker, ClamAV, Agnitum, SUPERAntiSpyware, Jiangmin, Antiy-AVL, Kingsoft, AegisLab, Zoner, Rising
delivery sites: