Collection of Upatre Samples (alpha version)

Config File for 43b15a093eacf47777006ef1f65b4350

md5: 43b15a093eacf47777006ef1f65b4350
source: hybrid-analysis
link: /sample/3cf89d8e4d18f75898299d591db8279e1cf4b9328ff48408b93b3a374a263837%235/3cf89d8e4d18f75898299d5
malware_name: nyupodyt.exe
temp_file: ~DR7892.txt
scandate: 0000-00-00 00:00:00
parsed: 2015-08-03 01:30:43
decrypt_keys: 71a588f1
check_keys: 4e1a87a9
c2_server: 93.185.4.90
baseport: 13920
useragent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:37.0) Gecko/20100101 Firefox/37.0
payload_format: reg
old: 0
clientip: icanhazip.com
nr_targets: 16
nr_delivery_sites: 15
nr_delivery_sites_online: 4
nr_payloads: 1
ksa: dec2
pdir: KTA12
delivered payloads:
1: 0b267e51f62ecb467084a1a961f37546
downloaded: 2015-06-26 00:39:07
scanned (on VT): 2015-06-17 14:59:33
positives: 27 / 57
detected as:
MicroWorld-eScan: Gen:Trojan.Heur.HuW@IXO@uPai
Malwarebytes: Spyware.Dyre
F-Prot: W32/Dropper.gen8!Maximus
TrendMicro-HouseCall: TSPY_DYRE.YUYCL
Avast: Win64:Evo-gen [Susp]
GData: Gen:Trojan.Heur.HuW@IXO@uPai
Kaspersky: Trojan-Downloader.Win32.Upatre.aiaj
BitDefender: Gen:Trojan.Heur.HuW@IXO@uPai
NANO-Antivirus: Trojan.Win32.Dyre.dshznc
Ad-Aware: Gen:Trojan.Heur.HuW@IXO@uPai
Sophos: Troj/Apolmy-C
Comodo: TrojWare.Win32.PWS.Dyzap.MY
F-Secure: Gen:Trojan.Heur.HuW@IXO@uPai
DrWeb: DLOADER.Trojan
VIPRE: BehavesLike.Win32.Malware.bsf (vs)
TrendMicro: TSPY_DYRE.YUYCL
Emsisoft: Gen:Trojan.Heur.HuW@IXO@uPai (B)
Cyren: W64/Trojan.NRSO-8006
Jiangmin: TrojanDownloader.Upatre.afjh
Avira: W32/Etap
Antiy-AVL: Trojan[Downloader]/Win32.Upatre
Arcabit: Trojan.Heur.EE646A
Microsoft: TrojanDropper:Win32/Evotob.C
AVware: BehavesLike.Win32.Malware.bsf (vs)
Panda: Trj/Genetic.gen
ESET-NOD32: Win32/Battdil.S
AVG: Cryptic.EWT.dropper
not detected by: Bkav, TotalDefense, nProtect, CMC, CAT-QuickHeal, ALYac, Zillya, SUPERAntiSpyware, K7AntiVirus, Alibaba, K7GW, TheHacker, Agnitum, Symantec, ByteHero, ClamAV, AegisLab, Tencent, McAfee-GW-Edition, Kingsoft, ViRobot, AhnLab-V3, McAfee, VBA32, Zoner, Rising, Ikarus, Fortinet, Baidu-International, Qihoo-360
delivery sites: