Collection of Upatre Samples (alpha version)

Config File for 46ae3a032662980389db59323905f620

md5: 46ae3a032662980389db59323905f620
source: virusshare
link: download.4n6?sample=5c93fe7e461a43eaef8e4a85c346579d3ee31d494ef2e1a1814bcd073fbdc83e
malware_name: verdosi.exe
temp_file:
scandate: 2015-07-12 02:15:54
parsed: 2015-09-16 12:02:24
decrypt_keys: 5b1e7328
check_keys:
c2_server: 38.65.142.12
baseport: 9587
useragent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
payload_format: sim
old: 0
clientip: icanhazip.com
nr_targets: 51
nr_delivery_sites: 50
nr_delivery_sites_online: 17
nr_payloads: 1
ksa: dec
pdir: AN11
delivered payloads:
1. 95f8ee0f5b53aacdaf81b8b032299578
   downloaded: 2015-07-09 11:42:31
   scanned (on VT): 2015-07-09 08:28:24
   positives: 4 / 56
   detected as:
     Bkav: HW32.Packed.F149
     Kaspersky: UDS:DangerousObject.Multi.Generic
     Avira: TR/Rogue.aiogjb
     Rising: PE:Malware.XPACK-HIE/Heur!1.9C48
   not detected by: TotalDefense, MicroWorld-eScan, nProtect, CAT-QuickHeal, McAfee, Malwarebytes, VIPRE, SUPERAntiSpyware, TheHacker, Alibaba, K7GW, K7AntiVirus, Agnitum, F-Prot, Symantec, ESET-NOD32, TrendMicro-HouseCall, Avast, ClamAV, GData, BitDefender, NANO-Antivirus, ViRobot, Tencent, Ad-Aware, Emsisoft, Comodo, F-Secure, DrWeb, Zillya, TrendMicro, McAfee-GW-Edition, Sophos, Cyren, Jiangmin, Antiy-AVL, Kingsoft, Arcabit, AegisLab, AhnLab-V3, Microsoft, ByteHero, ALYac, AVware, VBA32, Baidu-International, Zoner, Ikarus, Fortinet, AVG, Panda, Qihoo-360
delivery sites:
1. https://109.86.226.85/kon1.zip
2. https://24.220.92.193/kon1.zip
3. https://176.36.251.208/kon1.zip
4. https://173.216.240.56/kon1.zip
5. https://69.163.81.211/kon1.zip
6. https://216.254.231.11/kon1.zip (payload 95f8ee0f5b53aacdaf81b8b032299578)
7. https://24.33.131.116/kon1.zip (payload 95f8ee0f5b53aacdaf81b8b032299578)
8. https://104.174.123.66/kon1.zip
9. https://72.230.82.80/kon1.zip (payload 95f8ee0f5b53aacdaf81b8b032299578)
10. https://173.248.22.227/kon1.zip
11. https://173.248.31.6/kon1.zip (payload 95f8ee0f5b53aacdaf81b8b032299578)
12. https://173.243.255.79/kon1.zip (payload 95f8ee0f5b53aacdaf81b8b032299578)
13. https://69.9.204.114/kon1.zip (payload 95f8ee0f5b53aacdaf81b8b032299578)
14. https://188.255.239.34/kon1.zip
15. https://98.222.64.184/kon1.zip
16. https://69.144.171.44/kon1.zip (payload 95f8ee0f5b53aacdaf81b8b032299578)
17. https://65.33.236.173/kon1.zip (payload 95f8ee0f5b53aacdaf81b8b032299578)
18. https://66.196.63.33/kon1.zip
19. https://71.99.130.24/kon1.zip
20. https://216.16.93.250/kon1.zip
21. https://66.196.61.218/kon1.zip
22. https://98.214.11.253/kon1.zip
23. https://24.148.217.188/kon1.zip (payload 95f8ee0f5b53aacdaf81b8b032299578)
24. https://98.209.75.164/kon1.zip
25. https://76.105.248.137/kon1.zip
26. https://173.216.247.74/kon1.zip (payload 95f8ee0f5b53aacdaf81b8b032299578)
27. https://77.48.30.156/kon1.zip (payload 95f8ee0f5b53aacdaf81b8b032299578)
28. https://77.95.195.68/kon1.zip
29. https://37.57.144.177/kon1.zip (payload 95f8ee0f5b53aacdaf81b8b032299578)
30. https://68.55.59.145/kon1.zip
31. https://95.143.141.50/kon1.zip
32. https://194.228.203.19/kon1.zip
33. https://87.249.142.189/kon1.zip (payload 95f8ee0f5b53aacdaf81b8b032299578)
34. https://85.135.104.170/kon1.zip (payload 95f8ee0f5b53aacdaf81b8b032299578)
35. https://76.84.81.120/kon1.zip
36. https://84.246.161.47/kon1.zip
37. https://217.168.210.122/kon1.zip
38. https://81.90.175.7/kon1.zip
39. https://81.93.205.218/kon1.zip (payload 95f8ee0f5b53aacdaf81b8b032299578)
40. https://81.93.205.251/kon1.zip (payload 95f8ee0f5b53aacdaf81b8b032299578)
41. https://87.229.109.250/kon1.zip
42. https://96.46.103.232/kon1.zip
43. https://68.70.242.203/kon1.zip (payload 95f8ee0f5b53aacdaf81b8b032299578)
44. https://66.215.30.118/kon1.zip
45. https://64.111.36.52/kon1.zip
46. https://178.222.250.35/kon1.zip
47. https://94.154.107.172/kon1.zip
48. https://68.119.5.32/kon1.zip
49. https://194.106.166.22/kon1.zip
50. https://188.255.243.105/kon1.zip
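The dump above carries the indicators an analyst actually wants (C2 address and baseport, the delivered payload md5, the fifty delivery URLs) spread over a flat layout, together with counters (nr_delivery_sites, nr_delivery_sites_online, nr_payloads) that can be checked against the lists themselves. The Python below is an added example, not part of the collection's own tooling. It parses a constructed excerpt in the flat layout these dumps are emitted in (a field name on one line, its value on the next, and no value line at all for an unset field such as temp_file or check_keys), pulls out the IOCs, and cross-checks the counters. Two assumptions are made: the HEADER_KEYS set is taken as complete for this dump version, and the md5 listed beneath a delivery URL is read as the payload that site served while it was online (in the dump above, exactly 17 URLs carry one, which matches nr_delivery_sites_online). The counters in the excerpt are set to fit the excerpt, not the full listing.

```python
"""Pull IOCs out of an Upatre config dump and cross-check its own counters (added example)."""
import re

# Header field names as they appear in the dump (assumed complete for this
# version); an unset field is only recognisable by the next line being a key.
HEADER_KEYS = {
    "md5", "source", "link", "malware_name", "temp_file", "scandate", "parsed",
    "decrypt_keys", "check_keys", "c2_server", "baseport", "useragent",
    "payload_format", "old", "clientip", "nr_targets", "nr_delivery_sites",
    "nr_delivery_sites_online", "nr_payloads", "ksa", "pdir",
}
MD5_RE = re.compile(r"^[0-9a-f]{32}$")
URL_RE = re.compile(r"^https?://([^/]+)")


def parse_dump(text):
    """Return (header dict, delivered payload md5s, [(url, served_md5 or None)])."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    header, payloads, sites = {}, [], []
    i = 0
    while i < len(lines) and lines[i] != "delivered payloads:":
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        if nxt in HEADER_KEYS or nxt == "delivered payloads:":
            header[lines[i]] = ""  # unset field: no value line follows
            i += 1
        else:
            header[lines[i]] = nxt
            i += 2
    i += 1  # past "delivered payloads:"
    while i < len(lines) and lines[i] != "delivery sites:":
        # index line, then the payload md5; the VT detail lines are skipped
        if lines[i].isdigit() and i + 1 < len(lines) and MD5_RE.match(lines[i + 1]):
            payloads.append(lines[i + 1])
            i += 1
        i += 1
    i += 1  # past "delivery sites:"
    while i < len(lines):
        # index line, URL, and (assumption: only when the site was online)
        # the md5 of the payload it served
        if lines[i].isdigit() and i + 1 < len(lines) and URL_RE.match(lines[i + 1]):
            served = lines[i + 2] if i + 2 < len(lines) and MD5_RE.match(lines[i + 2]) else None
            sites.append((lines[i + 1], served))
            i += 2 if served is None else 3
        else:
            i += 1
    return header, payloads, sites


def iocs(header, payloads, sites):
    """Network and file indicators a blocklist or hunt query would want."""
    return {
        "c2": f"{header['c2_server']}:{header['baseport']}",
        "payload_md5": sorted(set(payloads)),
        "delivery_urls": [url for url, _ in sites],
        "delivery_hosts": sorted({URL_RE.match(url).group(1) for url, _ in sites}),
    }


def consistency(header, payloads, sites):
    """Check the dump's counters against the lists it carries."""
    served = [md5 for _, md5 in sites if md5]
    return {
        "sites_match_counter": len(sites) == int(header["nr_delivery_sites"]),
        "online_match_counter": len(served) == int(header["nr_delivery_sites_online"]),
        "payloads_match_counter": len(set(payloads)) == int(header["nr_payloads"]),
        "served_are_delivered": set(served) <= set(payloads),
    }


# Constructed excerpt in the flat layout; counters fit this excerpt, not the full listing.
SAMPLE = """\
md5
46ae3a032662980389db59323905f620
temp_file
check_keys
c2_server
38.65.142.12
baseport
9587
nr_delivery_sites
3
nr_delivery_sites_online
2
nr_payloads
1
delivered payloads:
1
95f8ee0f5b53aacdaf81b8b032299578
positives
4 / 56
delivery sites:
1
https://109.86.226.85/kon1.zip
2
https://216.254.231.11/kon1.zip
95f8ee0f5b53aacdaf81b8b032299578
3
https://24.33.131.116/kon1.zip
95f8ee0f5b53aacdaf81b8b032299578
"""

if __name__ == "__main__":
    h, p, s = parse_dump(SAMPLE)
    print(iocs(h, p, s))
    print(consistency(h, p, s))
```

Run it against a whole dump by reading the file into parse_dump instead of SAMPLE; a counter check that comes back False is worth a look before the IOCs go into a blocklist, since it usually means the dump was cut off or the layout changed between versions of the collector.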