Collection of Upatre Samples (alpha version)

Config File for 595403dcf3f0a68eefb35237e8422420

md5: 595403dcf3f0a68eefb35237e8422420
source: virusshare
link: download.4n6?sample=e8819ad3bc784871932c51afd5f638807b178f0898b7115e502948689507fe97
malware_name: XYCcokade.exe
temp_file: XYC891.tmp
scandate: 2015-08-20 05:47:28
parsed: 2015-09-16 12:26:06
decrypt_keys: 39e5f217
check_keys: 68affb2a
c2_server: 38.65.142.12
baseport: 9587
useragent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.36 (KHTML, like Gecko) Chrome/44.0.2456.82 Safari/535.36
payload_format: reg
old: 0
clientip: icanhazip.com
nr_targets: 51
nr_delivery_sites: 50
nr_delivery_sites_online: 18
nr_payloads: 1
ksa: chk
pdir: MC2

delivered payloads:
1. 7ae2e50c63995e63cc7f8450bcf7bcd5
   downloaded: 2015-09-16 12:26:06
   scanned (on VT): 2015-07-13 19:38:23
   positives: 26 / 56
   detected as:
   MicroWorld-eScan: Gen:Variant.Dyzap.16
   Malwarebytes: Spyware.Dyre
   BitDefender: Gen:Variant.Dyzap.16
   F-Prot: W32/Dropper.gen8!Maximus
   ByteHero: Virus.Win32.Part.a
   TrendMicro-HouseCall: Cryp_Xin2
   Avast: Win32:Malware-gen
   Ad-Aware: Gen:Variant.Dyzap.16
   Sophos: Troj/UACMe-A
   Comodo: TrojWare.Win32.PWS.Dyzap.MY
   F-Secure: Gen:Variant.Dyzap.16
   DrWeb: MULDROP.Trojan
   VIPRE: BehavesLike.Win32.Malware.bsf (vs)
   TrendMicro: Cryp_Xin2
   Emsisoft: Gen:Variant.Dyzap.16 (B)
   Cyren: W32/Dropper.gen8!Maximus
   Avira: W32/Etap
   Fortinet: W32/Sikutan.C!tr
   Arcabit: Trojan.Dyzap.16
   ALYac: Gen:Variant.Dyzap.16
   AVware: BehavesLike.Win32.Malware.bsf (vs)
   VBA32: suspected of Trojan.Downloader.gen.h
   Panda: Trj/Genetic.gen
   ESET-NOD32: a variant of Win32/Exploit.CVE-2013-3660.P
   Ikarus: Trojan.Inject
   GData: Gen:Variant.Dyzap.16
   not detected by:
   Bkav, nProtect, CAT-QuickHeal, McAfee, Zillya, TheHacker, K7GW, K7AntiVirus, NANO-Antivirus, Symantec, ClamAV, Kaspersky, Alibaba, Agnitum, ViRobot, AegisLab, Rising, McAfee-GW-Edition, Jiangmin, Antiy-AVL, Kingsoft, SUPERAntiSpyware, AhnLab-V3, Microsoft, TotalDefense, Zoner, Tencent, AVG, Baidu-International, Qihoo-360
delivery sites (sites marked with a payload hash were online and served that payload):
1. https://98.181.17.39/mc12.tar
2. https://67.221.195.175/mc12.tar
3. https://67.207.229.215/mc12.tar (payload 7ae2e50c63995e63cc7f8450bcf7bcd5)
4. https://67.206.96.68/mc12.tar
5. https://109.86.226.85/mc12.tar
6. https://24.220.92.193/mc12.tar
7. https://176.36.251.208/mc12.tar
8. https://173.216.240.56/mc12.tar
9. https://69.163.81.211/mc12.tar
10. https://216.254.231.11/mc12.tar (payload 7ae2e50c63995e63cc7f8450bcf7bcd5)
11. https://24.33.131.116/mc12.tar (payload 7ae2e50c63995e63cc7f8450bcf7bcd5)
12. https://104.174.123.66/mc12.tar
13. https://72.230.82.80/mc12.tar (payload 7ae2e50c63995e63cc7f8450bcf7bcd5)
14. https://173.248.22.227/mc12.tar
15. https://173.248.31.6/mc12.tar (payload 7ae2e50c63995e63cc7f8450bcf7bcd5)
16. https://173.243.255.79/mc12.tar (payload 7ae2e50c63995e63cc7f8450bcf7bcd5)
17. https://69.9.204.114/mc12.tar (payload 7ae2e50c63995e63cc7f8450bcf7bcd5)
18. https://188.255.239.34/mc12.tar
19. https://69.144.171.44/mc12.tar (payload 7ae2e50c63995e63cc7f8450bcf7bcd5)
20. https://65.33.236.173/mc12.tar (payload 7ae2e50c63995e63cc7f8450bcf7bcd5)
21. https://71.99.130.24/mc12.tar
22. https://216.16.93.250/mc12.tar
23. https://98.214.11.253/mc12.tar
24. https://24.148.217.188/mc12.tar (payload 7ae2e50c63995e63cc7f8450bcf7bcd5)
25. https://98.209.75.164/mc12.tar
26. https://76.105.248.137/mc12.tar
27. https://173.216.247.74/mc12.tar (payload 7ae2e50c63995e63cc7f8450bcf7bcd5)
28. https://77.48.30.156/mc12.tar (payload 7ae2e50c63995e63cc7f8450bcf7bcd5)
29. https://37.57.144.177/mc12.tar (payload 7ae2e50c63995e63cc7f8450bcf7bcd5)
30. https://68.55.59.145/mc12.tar
31. https://95.143.141.50/mc12.tar
32. https://194.228.203.19/mc12.tar
33. https://87.249.142.189/mc12.tar (payload 7ae2e50c63995e63cc7f8450bcf7bcd5)
34. https://85.135.104.170/mc12.tar (payload 7ae2e50c63995e63cc7f8450bcf7bcd5)
35. https://76.84.81.120/mc12.tar
36. https://84.246.161.47/mc12.tar
37. https://217.168.210.122/mc12.tar
38. https://81.90.175.7/mc12.tar
39. https://81.93.205.218/mc12.tar (payload 7ae2e50c63995e63cc7f8450bcf7bcd5)
40. https://81.93.205.251/mc12.tar (payload 7ae2e50c63995e63cc7f8450bcf7bcd5)
41. https://87.229.109.250/mc12.tar
42. https://68.70.242.203/mc12.tar (payload 7ae2e50c63995e63cc7f8450bcf7bcd5)
43. https://66.215.30.118/mc12.tar
44. https://64.111.36.52/mc12.tar
45. https://178.222.250.35/mc12.tar
46. https://94.154.107.172/mc12.tar
47. https://68.119.5.32/mc12.tar
48. https://194.106.166.22/mc12.tar
49. https://188.255.243.105/mc12.tar
50. https://188.255.236.184/mc12.tar