Collection of Upatre Samples (alpha version)

Config File for 320828c2bf6c110be3dd1960ea75d097

md5: 320828c2bf6c110be3dd1960ea75d097
source: malwr
link: https://malwr.com/analysis/NTk3YmI4MWNiMWQ4NDAwNjk2ZmEwOWM3MGYyYzZkMzc/
malware_name: nesesofy.exe
temp_file:
scandate: 2015-06-24 23:56:37
parsed: 2015-06-26 19:51:12
decrypt_keys: 7446059c
check_keys:
c2_server: 93.93.194.202
baseport: 13920
useragent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.34 (KHTML, like Gecko) Chrome/43.0.2457.82 Safari/537.34
payload_format: sim
old: 0
clientip: icanhazip.com
nr_targets: 16
nr_delivery_sites: 15
nr_delivery_sites_online: 12
nr_payloads: 1
ksa: dec
pdir: HOLD11
delivered payloads:
1. b220bad90492b2a15dbe045078b17779
   downloaded: 2015-06-26 19:51:12
   scanned (on VT): 2015-06-26 17:52:13
   positives: 25 / 56
   detected as:
     MicroWorld-eScan: Gen:Variant.Kazy.651080
     ALYac: Gen:Variant.Kazy.651080
     Malwarebytes: Trojan.Upatre
     SUPERAntiSpyware: Trojan.Agent/Gen-Upatre
     TrendMicro-HouseCall: TROJ_UPATRE.SMX3
     Avast: Win32:Upatre-N [Trj]
     GData: Gen:Variant.Kazy.651080
     BitDefender: Gen:Variant.Kazy.651080
     ViRobot: Trojan.Win32.Upatre.436736.A[h]
     Ad-Aware: Gen:Variant.Kazy.651080
     Sophos: Troj/Upatre-LD
     F-Secure: Gen:Variant.Kazy.651080
     VIPRE: LooksLike.Win32.Upatre.bs (v)
     TrendMicro: TROJ_UPATRE.SMX3
     McAfee-GW-Edition: Upatre-FACE!2169B228155F
     Emsisoft: Gen:Variant.Kazy.651080 (B)
     Arcabit: Trojan.Kazy.D9EF48
     AhnLab-V3: Trojan/Win32.Upatre
     Microsoft: TrojanDownloader:Win32/Upatre
     ByteHero: Virus.Win32.Heur.c
     McAfee: Upatre-FACE!2169B228155F
     AVware: LooksLike.Win32.Upatre.bs (v)
     Panda: Trj/Genetic.gen
     Fortinet: W32/Waski.F!tr
     AVG: Generic_s.EVO
   not detected by: Bkav, TotalDefense, nProtect, CAT-QuickHeal, Zillya, TheHacker, Alibaba, K7GW, K7AntiVirus, Agnitum, F-Prot, Symantec, ESET-NOD32, ClamAV, Kaspersky, NANO-Antivirus, Tencent, Comodo, DrWeb, Cyren, Jiangmin, Avira, Antiy-AVL, Kingsoft, AegisLab, VBA32, Zoner, Rising, Ikarus, Baidu-International, Qihoo-360
delivery sites: