Collection of Upatre Samples (alpha version)

Config File for 2bf02dabeeb677659b832b35d6842db7

md5: 2bf02dabeeb677659b832b35d6842db7
source: virusshare
link: download.4n6?sample=0f91d90f96efdbd3d12a225632e70225e1ca2045c6ab85b606c0cfb3e9da5f52
malware_name: koekuky.exe
temp_file:
scandate: 2015-06-18 09:28:40
parsed: 2015-06-29 20:12:04
decrypt_keys: 55c28387
check_keys:
c2_server: 188.120.194.101
baseport: 13920
useragent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/538.37 (KHTML, like Gecko) Chrome/44.0.2457.82 Safari/538.37
payload_format: sim
old: 0
clientip: icanhazip.com
nr_targets: 51
nr_delivery_sites: 50
nr_delivery_sites_online: 35
nr_payloads: 1
ksa: dec
pdir: Zip11
delivered payloads:
1. 01a29e42d0e8e31f550f2e5d5abb1b59
   downloaded: 2015-06-29 20:12:04
   scanned (on VT): 2015-06-29 12:25:34
   positives: 29 / 56
   detected as:
     MicroWorld-eScan: Gen:Variant.Kazy.644780
     McAfee: Upatre-FACE!CFD3387D31F8
     Malwarebytes: Trojan.Upatre
     SUPERAntiSpyware: Trojan.Agent/Gen-Malagent
     Symantec: Downloader.Upatre!gen9
     ESET-NOD32: Win32/Battdil.W
     TrendMicro-HouseCall: TROJ_UPATRE.SMX3
     Avast: Win32:Malware-gen
     GData: Gen:Variant.Kazy.644780
     Kaspersky: HEUR:Trojan.Win32.Generic
     BitDefender: Gen:Variant.Kazy.644780
     NANO-Antivirus: Trojan.Win32.Dyre.dsvgbv
     Ad-Aware: Gen:Variant.Kazy.644780
     Emsisoft: Gen:Variant.Kazy.644780 (B)
     F-Secure: Gen:Variant.Kazy.644780
     VIPRE: LooksLike.Win32.Upatre.g (v)
     TrendMicro: TROJ_UPATRE.SMX3
     McAfee-GW-Edition: BehavesLike.Win32.PWSZbot.gc
     Sophos: Troj/Upatre-LD
     Jiangmin: Trojan/Banker.Dyre.ec
     Antiy-AVL: Trojan[Banker]/Win32.Dyre
     Arcabit: Trojan.Kazy.D9D6AC
     AhnLab-V3: Trojan/Win32.Upatre
     Microsoft: PWS:Win32/Dyzap
     ALYac: Gen:Variant.Kazy.644780
     AVware: LooksLike.Win32.Upatre.g (v)
     Ikarus: Trojan.Crypt
     Fortinet: W32/Waski.F!tr
     AVG: Ransomer.JCM
   not detected by: Bkav, nProtect, CAT-QuickHeal, Zillya, TheHacker, Alibaba, K7GW, K7AntiVirus, Agnitum, F-Prot, ClamAV, ViRobot, ByteHero, Tencent, Comodo, DrWeb, Cyren, Avira, Kingsoft, AegisLab, TotalDefense, VBA32, Baidu-International, Zoner, Rising, Panda, Qihoo-360
delivery sites (index, URL, md5 of payload retrieved where one was recorded):
 1  https://173.248.29.43/zip11.zip
 2  https://109.86.226.85/zip11.zip   01a29e42d0e8e31f550f2e5d5abb1b59
 3  https://24.220.92.193/zip11.zip   01a29e42d0e8e31f550f2e5d5abb1b59
 4  https://176.36.251.208/zip11.zip  01a29e42d0e8e31f550f2e5d5abb1b59
 5  https://188.255.165.154/zip11.zip 01a29e42d0e8e31f550f2e5d5abb1b59
 6  https://173.216.240.56/zip11.zip  01a29e42d0e8e31f550f2e5d5abb1b59
 7  https://68.190.246.142/zip11.zip
 8  https://188.255.169.176/zip11.zip
 9  https://75.137.112.81/zip11.zip
10  https://69.163.81.211/zip11.zip   01a29e42d0e8e31f550f2e5d5abb1b59
11  https://216.254.231.11/zip11.zip  01a29e42d0e8e31f550f2e5d5abb1b59
12  https://24.33.131.116/zip11.zip   01a29e42d0e8e31f550f2e5d5abb1b59
13  https://68.119.5.32/zip11.zip     01a29e42d0e8e31f550f2e5d5abb1b59
14  https://97.92.125.74/zip11.zip
15  https://98.204.215.92/zip11.zip
16  https://72.230.82.80/zip11.zip    01a29e42d0e8e31f550f2e5d5abb1b59
17  https://208.123.130.173/zip11.zip
18  https://178.214.221.89/zip11.zip  01a29e42d0e8e31f550f2e5d5abb1b59
19  https://173.248.22.227/zip11.zip  01a29e42d0e8e31f550f2e5d5abb1b59
20  https://173.248.31.1/zip11.zip    01a29e42d0e8e31f550f2e5d5abb1b59
21  https://173.248.31.6/zip11.zip    01a29e42d0e8e31f550f2e5d5abb1b59
22  https://173.248.27.163/zip11.zip  01a29e42d0e8e31f550f2e5d5abb1b59
23  https://173.243.255.79/zip11.zip  01a29e42d0e8e31f550f2e5d5abb1b59
24  https://69.9.204.114/zip11.zip    01a29e42d0e8e31f550f2e5d5abb1b59
25  https://73.175.203.173/zip11.zip  01a29e42d0e8e31f550f2e5d5abb1b59
26  https://188.255.239.34/zip11.zip  01a29e42d0e8e31f550f2e5d5abb1b59
27  https://75.132.173.27/zip11.zip
28  https://76.28.92.4/zip11.zip      01a29e42d0e8e31f550f2e5d5abb1b59
29  https://71.194.36.73/zip11.zip    01a29e42d0e8e31f550f2e5d5abb1b59
30  https://98.222.64.184/zip11.zip   01a29e42d0e8e31f550f2e5d5abb1b59
31  https://69.144.171.44/zip11.zip   01a29e42d0e8e31f550f2e5d5abb1b59
32  https://65.33.236.173/zip11.zip   01a29e42d0e8e31f550f2e5d5abb1b59
33  https://66.227.223.219/zip11.zip
34  https://96.37.204.12/zip11.zip
35  https://66.196.63.33/zip11.zip    01a29e42d0e8e31f550f2e5d5abb1b59
36  https://71.99.130.24/zip11.zip    01a29e42d0e8e31f550f2e5d5abb1b59
37  https://216.16.93.250/zip11.zip   01a29e42d0e8e31f550f2e5d5abb1b59
38  https://24.19.25.40/zip11.zip
39  https://98.246.210.27/zip11.zip   01a29e42d0e8e31f550f2e5d5abb1b59
40  https://66.196.61.218/zip11.zip   01a29e42d0e8e31f550f2e5d5abb1b59
41  https://69.180.128.71/zip11.zip
42  https://98.214.11.253/zip11.zip   01a29e42d0e8e31f550f2e5d5abb1b59
43  https://24.148.217.188/zip11.zip  01a29e42d0e8e31f550f2e5d5abb1b59
44  https://98.209.75.164/zip11.zip   01a29e42d0e8e31f550f2e5d5abb1b59
45  https://76.105.248.137/zip11.zip  01a29e42d0e8e31f550f2e5d5abb1b59
46  https://67.239.210.131/zip11.zip
47  https://173.216.247.74/zip11.zip  01a29e42d0e8e31f550f2e5d5abb1b59
48  https://64.111.36.35/zip11.zip
49  https://69.9.204.16/zip11.zip
50  https://77.48.30.156/zip11.zip    01a29e42d0e8e31f550f2e5d5abb1b59