Collection of Upatre Samples (alpha version)

Config File for 3d76f86120ef9dd3e2b43a94fd7ecbe3

md5: 3d76f86120ef9dd3e2b43a94fd7ecbe3
source: malwr
link: https://malwr.com/analysis/Y2VlNmMyYTM0Zjk5NGY5N2ExYWI2ZjdmZjQ4ZjE5MDE/
malware_name: vhomgum.exe
temp_file: Amp4823.tmp
scandate: 2015-05-19 11:10:56
parsed: 2015-06-25 23:28:50
decrypt_keys: 6d7627f6
check_keys: 134b4e0a
c2_server: 93.185.4.90
baseport: 9587
useragent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:36.0) Gecko/20100101 Firefox/36.0
payload_format: reg
old: 0
clientip: icanhazip.com
nr_targets: 16
nr_delivery_sites: 15
nr_delivery_sites_online: 4
nr_payloads: 1
ksa: dec2
pdir: TS22
delivered payloads:
1 69da4f4d2dbf009549ed464a0f5dade4
downloaded: 2015-06-25 23:28:50
scanned (on VT): 2015-06-30 14:08:41
positives: 30 / 56
detected as:
MicroWorld-eScan: Gen:Trojan.Heur.LuW@Iffs9nci
Malwarebytes: Spyware.Dyre
K7GW: Trojan ( 004c37eb1 )
K7AntiVirus: Trojan ( 004c37eb1 )
F-Prot: W32/Dropper.gen8!Maximus
ESET-NOD32: Win32/TrojanDropper.Sikutan.B
TrendMicro-HouseCall: TSPY_DYRE.NIT
Avast: Win64:Evo-gen [Susp]
GData: Gen:Trojan.Heur.LuW@Iffs9nci
Kaspersky: Trojan-Downloader.Win32.Upatre.aiaj
BitDefender: Gen:Trojan.Heur.LuW@Iffs9nci
Ad-Aware: Gen:Trojan.Heur.LuW@Iffs9nci
Sophos: Mal/Wonton-BD
Comodo: TrojWare.Win32.PWS.Dyzap.MY
F-Secure: Gen:Trojan.Heur.LuW@Iffs9nci
DrWeb: DLOADER.Trojan
VIPRE: BehavesLike.Win32.Malware.bsf (vs)
TrendMicro: TSPY_DYRE.NIT
Emsisoft: Gen:Trojan.Heur.LuW@Iffs9nci (B)
Cyren: W64/Trojan.NRSO-8006
Jiangmin: TrojanDownloader.Upatre.afjh
Avira: W32/Etap
Antiy-AVL: Trojan[Downloader]/Win32.Upatre
Arcabit: Trojan.Heur.E49C77
ViRobot: Trojan.Win32.Upatre.541696[h]
Microsoft: TrojanDropper:Win32/Evotob.C
AVware: BehavesLike.Win32.Malware.bsf (vs)
Ikarus: Trojan.Win32.Crypt
AVG: Downloader.Generic14.WKS.dropper
Panda: Trj/Genetic.gen
not detected by:
Bkav, TotalDefense, nProtect, CAT-QuickHeal, McAfee, Zillya, SUPERAntiSpyware, TheHacker, Alibaba, Agnitum, Symantec, ClamAV, NANO-Antivirus, AegisLab, Rising, McAfee-GW-Edition, Kingsoft, AhnLab-V3, ByteHero, ALYac, VBA32, Baidu-International, Zoner, Tencent, Fortinet, Qihoo-360
delivery sites:
1 https://96.46.99.215/tisat32.png (69da4f4d2dbf009549ed464a0f5dade4)
2 https://162.249.150.113/tisat32.png
3 https://173.248.13.100/tisat32.png
4 https://109.75.154.46/tisat32.png
5 https://194.106.166.22/tisat32.png (69da4f4d2dbf009549ed464a0f5dade4)
6 https://188.255.186.193/tisat32.png
7 https://95.143.130.63/tisat32.png
8 https://68.170.58.11/tisat32.png
9 https://178.222.250.35/tisat32.png (69da4f4d2dbf009549ed464a0f5dade4)
10 https://94.154.107.172/tisat32.png (69da4f4d2dbf009549ed464a0f5dade4)
11 https://178.219.10.23/tisat32.png
12 https://79.101.42.247/tisat32.png
13 https://209.240.179.10/tisat32.png
14 https://188.255.249.28/tisat32.png
15 https://38.66.20.98/tisat32.png