Collection of Upatre Samples (alpha version)

Config File for 43fbc609e23c09a480a6b814597ff9bf

md5: 43fbc609e23c09a480a6b814597ff9bf
source: malwr
link: https://malwr.com/analysis/NTI4YWFjMjFjOWVjNDIzZGJkMjA2NzIxMDFiNjBiYjU/
malware_name: tijapbiguw.exe
temp_file: TiTmp.txt
scandate: 2015-06-19 18:17:52
parsed: 2015-06-24 09:58:34
decrypt_keys: 4122c112
check_keys: 05ba45bf
c2_server: 93.93.194.202
baseport: 13920
useragent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/538.35 (KHTML, like Gecko) Chrome/43.0.2457.82 Safari/538.35
payload_format: reg
old: 0
clientip: icanhazip.com
nr_targets: 51
nr_delivery_sites: 50
nr_delivery_sites_online: 19
nr_payloads: 1
ksa: chk
pdir: SA4
delivered payloads:
1: d1fb173fc49e4899b2c59147b9340e39
downloaded: 2015-06-24 09:58:34
scanned (on VT): 2015-06-19 20:37:35
positives: 26 / 57
detected as:
MicroWorld-eScan: Gen:Variant.Dyzap.16
Malwarebytes: Spyware.Dyre
BitDefender: Gen:Variant.Dyzap.16
K7GW: Trojan ( 004c523f1 )
K7AntiVirus: Trojan ( 004c523f1 )
F-Prot: W32/Dropper.gen8!Maximus
ESET-NOD32: Win32/TrojanDropper.Sikutan.C
Avast: Win32:Injector-CPV [Trj]
Kaspersky: UDS:DangerousObject.Multi.Generic
Ad-Aware: Gen:Variant.Dyzap.16
Sophos: Troj/PrivEsc-C
Comodo: TrojWare.Win32.PWS.Dyzap.MY
F-Secure: Gen:Variant.Dyzap.16
VIPRE: BehavesLike.Win32.Malware.bsf (vs)
Emsisoft: Gen:Variant.Dyzap.16 (B)
Cyren: W32/Dropper.gen8!Maximus
Avira: W32/Etap
Fortinet: W32/PrivEsc.C!tr
Microsoft: TrojanDownloader:Win32/Upatre
AVware: BehavesLike.Win32.Malware.bsf (vs)
VBA32: suspected of Trojan.Downloader.gen.h
Panda: Trj/Genetic.gen
Tencent: Trojan.Win32.Qudamah.Gen.0
GData: Gen:Variant.Dyzap.16
AVG: Win32/DH{IIETIiN8eRMANQ}
Baidu-International: Trojan.Win32.Sikutan.C
not detected by:
Bkav, nProtect, CMC, CAT-QuickHeal, ALYac, Zillya, TheHacker, Agnitum, Symantec, TrendMicro-HouseCall, ClamAV, Alibaba, NANO-Antivirus, ViRobot, AegisLab, ByteHero, Rising, DrWeb, TrendMicro, McAfee-GW-Edition, Jiangmin, Antiy-AVL, Kingsoft, Arcabit, SUPERAntiSpyware, AhnLab-V3, TotalDefense, McAfee, Zoner, Ikarus, Qihoo-360
delivery sites: