Collection of Upatre Samples (alpha version)

Config File for 51520c01d080cfb4efa32919aa252050

md5:                      51520c01d080cfb4efa32919aa252050
source:                   virusshare
link:                     download.4n6?sample=4e4dcdc1d63e4bee3d21b7fe6065af9590bede77726884a7dbe4136fe03d4c06
malware_name:             Duisude.exe
temp_file:
scandate:                 2015-07-16 07:23:22
parsed:                   2015-09-16 11:13:32
decrypt_keys:             e617a971
check_keys:
c2_server:                38.65.142.12
baseport:                 13920
useragent:                Mozilla/5.0 (Windows NT 6.1; rv:36.0) Gecko/20100101 Firefox/36.0
payload_format:           sim
old:                      0
clientip:                 icanhazip.com
nr_targets:               51
nr_delivery_sites:        50
nr_delivery_sites_online: 18
nr_payloads:              1
ksa:                      dec
pdir:                     WY22
delivered payloads:

1. ada37e406aed6abee7cfb2c514b2cf5b
   downloaded:       2015-07-11 21:05:19
   scanned (on VT):  2015-07-10 19:57:27
   positives:        4 / 56
   detected as:
     MicroWorld-eScan   Trojan.Upatre.EO
     ESET-NOD32         Win32/Battdil.AE
     AhnLab-V3          Trojan/Win32.Upatre
     ByteHero           Virus.Win32.Heur.c
   not detected by:
     Bkav, TotalDefense, nProtect, CAT-QuickHeal, ALYac, Malwarebytes, Zillya, TheHacker, Alibaba, K7GW, K7AntiVirus, Agnitum, F-Prot, Symantec, TrendMicro-HouseCall, Avast, ClamAV, GData, Kaspersky, BitDefender, NANO-Antivirus, ViRobot, SUPERAntiSpyware, Tencent, Ad-Aware, Emsisoft, Comodo, F-Secure, DrWeb, VIPRE, TrendMicro, McAfee-GW-Edition, Sophos, Cyren, Jiangmin, Avira, Antiy-AVL, Kingsoft, Arcabit, AegisLab, Microsoft, McAfee, AVware, VBA32, Baidu-International, Zoner, Rising, Ikarus, Fortinet, AVG, Panda, Qihoo-360
delivery sites (50 listed; the 18 entries carrying a payload MD5 in the third column served that payload and correspond to nr_delivery_sites_online):

 #  URL                               served payload (MD5)
 1  https://98.181.17.39/wk22.tar
 2  https://67.221.195.175/wk22.tar
 3  https://67.207.229.215/wk22.tar   ada37e406aed6abee7cfb2c514b2cf5b
 4  https://67.206.96.68/wk22.tar
 5  https://109.86.226.85/wk22.tar
 6  https://24.220.92.193/wk22.tar
 7  https://176.36.251.208/wk22.tar
 8  https://173.216.240.56/wk22.tar
 9  https://69.163.81.211/wk22.tar
10  https://216.254.231.11/wk22.tar   ada37e406aed6abee7cfb2c514b2cf5b
11  https://24.33.131.116/wk22.tar    ada37e406aed6abee7cfb2c514b2cf5b
12  https://104.174.123.66/wk22.tar
13  https://72.230.82.80/wk22.tar     ada37e406aed6abee7cfb2c514b2cf5b
14  https://173.248.22.227/wk22.tar
15  https://173.248.31.6/wk22.tar     ada37e406aed6abee7cfb2c514b2cf5b
16  https://173.243.255.79/wk22.tar   ada37e406aed6abee7cfb2c514b2cf5b
17  https://69.9.204.114/wk22.tar     ada37e406aed6abee7cfb2c514b2cf5b
18  https://188.255.239.34/wk22.tar
19  https://69.144.171.44/wk22.tar    ada37e406aed6abee7cfb2c514b2cf5b
20  https://65.33.236.173/wk22.tar    ada37e406aed6abee7cfb2c514b2cf5b
21  https://71.99.130.24/wk22.tar
22  https://216.16.93.250/wk22.tar
23  https://98.214.11.253/wk22.tar
24  https://24.148.217.188/wk22.tar   ada37e406aed6abee7cfb2c514b2cf5b
25  https://98.209.75.164/wk22.tar
26  https://76.105.248.137/wk22.tar
27  https://173.216.247.74/wk22.tar   ada37e406aed6abee7cfb2c514b2cf5b
28  https://77.48.30.156/wk22.tar     ada37e406aed6abee7cfb2c514b2cf5b
29  https://37.57.144.177/wk22.tar    ada37e406aed6abee7cfb2c514b2cf5b
30  https://68.55.59.145/wk22.tar
31  https://95.143.141.50/wk22.tar
32  https://194.228.203.19/wk22.tar
33  https://87.249.142.189/wk22.tar   ada37e406aed6abee7cfb2c514b2cf5b
34  https://85.135.104.170/wk22.tar   ada37e406aed6abee7cfb2c514b2cf5b
35  https://76.84.81.120/wk22.tar
36  https://84.246.161.47/wk22.tar
37  https://217.168.210.122/wk22.tar
38  https://81.90.175.7/wk22.tar
39  https://81.93.205.218/wk22.tar    ada37e406aed6abee7cfb2c514b2cf5b
40  https://81.93.205.251/wk22.tar    ada37e406aed6abee7cfb2c514b2cf5b
41  https://87.229.109.250/wk22.tar
42  https://68.70.242.203/wk22.tar    ada37e406aed6abee7cfb2c514b2cf5b
43  https://66.215.30.118/wk22.tar
44  https://64.111.36.52/wk22.tar
45  https://178.222.250.35/wk22.tar
46  https://94.154.107.172/wk22.tar
47  https://68.119.5.32/wk22.tar
48  https://194.106.166.22/wk22.tar
49  https://188.255.243.105/wk22.tar
50  https://188.255.236.184/wk22.tar
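The dump above is a flat key/value listing, which is awkward to turn into blocklists by hand: an empty field (temp_file, check_keys) has no value line at all, so pairing lines blindly misaligns every later key, and the only signal that a delivery site was online is the payload MD5 that follows its URL. The following parser is an added example and not code from this collection; the layout rules it applies are inferred from the listing, and the embedded SAMPLE is an excerpt copied from it (a few header keys, the payload hash and delivery sites 1 to 3 only), so the declared nr_* counts deliberately exceed what the excerpt lists and the cross-check reports that.

```python
"""Parse one of this site's flattened Upatre config dumps into structured
IOCs and cross-check it against its own nr_* counts. Added example, not the
site's code; the layout is inferred from the dump above."""
import re
from urllib.parse import urlsplit

# All config keys: needed to tell a key line from a value line when a value
# is empty (temp_file and check_keys in the dump above have no value line).
CONFIG_KEYS = {
    "md5", "source", "link", "malware_name", "temp_file", "scandate", "parsed",
    "decrypt_keys", "check_keys", "c2_server", "baseport", "useragent",
    "payload_format", "old", "clientip", "nr_targets", "nr_delivery_sites",
    "nr_delivery_sites_online", "nr_payloads", "ksa", "pdir"}
MD5_RE = re.compile(r"^[0-9a-f]{32}$")


def parse_dump(text: str) -> dict:
    cfg = {k: "" for k in CONFIG_KEYS}
    payloads, sites = [], []
    section, key = "config", None   # key: config key still waiting for a value
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if line == "delivered payloads:":
            section = "payloads"
        elif line == "delivery sites:":
            section = "sites"
        elif section == "config":
            if line in CONFIG_KEYS:
                key = line              # previous key, if any, stays empty
            elif key is not None:
                cfg[key], key = line, None
        elif section == "payloads":
            if MD5_RE.match(line):      # dates and AV engine names are skipped
                payloads.append(line)
        elif line.isdigit():            # ordinal opens a delivery-site entry
            sites.append({"n": int(line), "url": "", "served": None})
        elif sites and line.startswith("http"):
            sites[-1]["url"] = line
        elif sites and MD5_RE.match(line):
            sites[-1]["served"] = line  # the site actually served this payload
    return {"config": cfg, "payloads": payloads, "sites": sites}


def cross_check(dump: dict) -> list:
    """Inconsistencies between the declared nr_* counts and what is listed."""
    cfg, sites, payloads = dump["config"], dump["sites"], dump["payloads"]
    online = [s for s in sites if s["served"]]
    problems = []
    for name, actual in (("nr_delivery_sites", len(sites)),
                         ("nr_delivery_sites_online", len(online)),
                         ("nr_payloads", len(payloads))):
        if cfg[name] and int(cfg[name]) != actual:
            problems.append(f"{name}={cfg[name]} but the listing has {actual}")
    for s in online:
        if s["served"] not in payloads:
            problems.append(f"site {s['n']} served unlisted hash {s['served']}")
    return problems


def iocs(dump: dict) -> dict:
    """Indicators worth blocking or hunting for, derived from the dump."""
    cfg, sites = dump["config"], dump["sites"]
    host = lambda s: urlsplit(s["url"]).hostname
    return {"c2": (cfg["c2_server"], int(cfg["baseport"])),
            "user_agent": cfg["useragent"],
            "payload_md5": list(dump["payloads"]),
            "delivery_hosts": sorted(host(s) for s in sites if s["url"]),
            "online_delivery_hosts": sorted(host(s) for s in sites if s["served"])}


# Excerpt copied from the dump above (a few header keys, the payload hash and
# delivery sites 1-3 only), so the site counts deliberately fall short of nr_*.
SAMPLE = """
md5
51520c01d080cfb4efa32919aa252050
temp_file
check_keys
c2_server
38.65.142.12
baseport
13920
useragent
Mozilla/5.0 (Windows NT 6.1; rv:36.0) Gecko/20100101 Firefox/36.0
nr_delivery_sites
50
nr_delivery_sites_online
18
nr_payloads
1
delivered payloads:
1
ada37e406aed6abee7cfb2c514b2cf5b
delivery sites:
1
https://98.181.17.39/wk22.tar
2
https://67.221.195.175/wk22.tar
3
https://67.207.229.215/wk22.tar
ada37e406aed6abee7cfb2c514b2cf5b
"""
```

Run `iocs(parse_dump(SAMPLE))` to get the C2 endpoint, user agent, payload hash and delivery hosts as plain Python values, and `cross_check(...)` to confirm the listing agrees with its own counters before the indicators go into a blocklist. On the full dump above the cross-check should come back empty (50 sites, 18 with a served hash, 1 payload); on the excerpt it reports the two shortfalls.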