Collection of Upatre Samples (alpha version)

Config File for 6537677ba427885e3a909fa64c0c3ac7

md5: 6537677ba427885e3a909fa64c0c3ac7
source: malwr
link: https://malwr.com/analysis/ZTJjNjdlZWYwMzRhNDc5YzliMDZlMTRlN2MzOWM4OWY/
malware_name: elarvolume.exe
temp_file:
scandate: 2015-07-21 20:25:23
parsed: 2015-07-22 18:01:46
decrypt_keys: 76281d42
check_keys:
c2_server: 93.185.4.90
baseport: 9587
useragent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.36 (KHTML, like Gecko) Chrome/44.0.2455.81 Safari/535.36
payload_format: sim
old: 0
clientip: checkip.dyndns.org
nr_targets: 51
nr_delivery_sites: 50
nr_delivery_sites_online: 46
nr_payloads: 1
ksa: dec
pdir: AST
delivered payloads:
1  c4b7cedde015715d6b324e152e8b77d3
   downloaded: 2015-07-23 13:00:21
   scanned (on VT): 2015-07-22 16:01:27
   positives: 2 / 56
   detected as: ESET-NOD32 Win32/Battdil.AI; Avast Win32:Malware-gen
   not detected by: Bkav, TotalDefense, MicroWorld-eScan, nProtect, CAT-QuickHeal, ALYac, Malwarebytes, Zillya, SUPERAntiSpyware, TheHacker, BitDefender, K7GW, K7AntiVirus, NANO-Antivirus, F-Prot, Symantec, TrendMicro-HouseCall, ClamAV, GData, Kaspersky, Alibaba, Agnitum, AegisLab, Tencent, Ad-Aware, Sophos, Comodo, F-Secure, DrWeb, VIPRE, TrendMicro, McAfee-GW-Edition, Emsisoft, Cyren, Jiangmin, Avira, Antiy-AVL, Kingsoft, Arcabit, ViRobot, AhnLab-V3, Microsoft, ByteHero, McAfee, AVware, VBA32, Baidu-International, Zoner, Rising, Ikarus, Fortinet, AVG, Panda, Qihoo-360
delivery sites:
1  https://24.220.92.193/st.zip  c4b7cedde015715d6b324e152e8b77d3
2  https://176.36.251.208/st.zip  c4b7cedde015715d6b324e152e8b77d3
3  https://67.221.195.6/st.zip  c4b7cedde015715d6b324e152e8b77d3
4  https://69.163.81.211/st.zip  c4b7cedde015715d6b324e152e8b77d3
5  https://216.254.231.11/st.zip  c4b7cedde015715d6b324e152e8b77d3
6  https://24.33.131.116/st.zip  c4b7cedde015715d6b324e152e8b77d3
7  https://104.174.123.66/st.zip  c4b7cedde015715d6b324e152e8b77d3
8  https://72.230.82.80/st.zip  c4b7cedde015715d6b324e152e8b77d3
9  https://173.248.31.6/st.zip  c4b7cedde015715d6b324e152e8b77d3
10  https://173.243.255.79/st.zip  (no hash recorded)
11  https://69.9.204.114/st.zip  c4b7cedde015715d6b324e152e8b77d3
12  https://188.255.239.34/st.zip  c4b7cedde015715d6b324e152e8b77d3
13  https://69.144.171.44/st.zip  c4b7cedde015715d6b324e152e8b77d3
14  https://65.33.236.173/st.zip  c4b7cedde015715d6b324e152e8b77d3
15  https://216.16.93.250/st.zip  c4b7cedde015715d6b324e152e8b77d3
16  https://98.214.11.253/st.zip  c4b7cedde015715d6b324e152e8b77d3
17  https://24.148.217.188/st.zip  c4b7cedde015715d6b324e152e8b77d3
18  https://173.216.247.74/st.zip  c4b7cedde015715d6b324e152e8b77d3
19  https://77.48.30.156/st.zip  c4b7cedde015715d6b324e152e8b77d3
20  https://37.57.144.177/st.zip  c4b7cedde015715d6b324e152e8b77d3
21  https://95.143.141.50/st.zip  c4b7cedde015715d6b324e152e8b77d3
22  https://194.228.203.19/st.zip  c4b7cedde015715d6b324e152e8b77d3
23  https://87.249.142.189/st.zip  c4b7cedde015715d6b324e152e8b77d3
24  https://85.135.104.170/st.zip  c4b7cedde015715d6b324e152e8b77d3
25  https://76.84.81.120/st.zip  c4b7cedde015715d6b324e152e8b77d3
26  https://84.246.161.47/st.zip  c4b7cedde015715d6b324e152e8b77d3
27  https://217.168.210.122/st.zip  c4b7cedde015715d6b324e152e8b77d3
28  https://81.90.175.7/st.zip  c4b7cedde015715d6b324e152e8b77d3
29  https://68.70.242.203/st.zip  c4b7cedde015715d6b324e152e8b77d3
30  https://64.111.36.52/st.zip  c4b7cedde015715d6b324e152e8b77d3
31  https://178.222.250.35/st.zip  c4b7cedde015715d6b324e152e8b77d3
32  https://94.154.107.172/st.zip  c4b7cedde015715d6b324e152e8b77d3
33  https://68.119.5.32/st.zip  c4b7cedde015715d6b324e152e8b77d3
34  https://194.106.166.22/st.zip  c4b7cedde015715d6b324e152e8b77d3
35  https://188.255.243.105/st.zip  c4b7cedde015715d6b324e152e8b77d3
36  https://188.255.236.184/st.zip  c4b7cedde015715d6b324e152e8b77d3
37  https://98.181.17.39/st.zip  c4b7cedde015715d6b324e152e8b77d3
38  https://67.207.229.215/st.zip  c4b7cedde015715d6b324e152e8b77d3
39  https://67.206.96.68/st.zip  c4b7cedde015715d6b324e152e8b77d3
40  https://67.222.197.54/st.zip  c4b7cedde015715d6b324e152e8b77d3
41  https://69.8.50.85/st.zip  c4b7cedde015715d6b324e152e8b77d3
42  https://67.22.167.163/st.zip  c4b7cedde015715d6b324e152e8b77d3
43  https://209.40.238.170/st.zip  c4b7cedde015715d6b324e152e8b77d3
44  https://98.102.44.38/st.zip  (no hash recorded)
45  https://64.111.42.64/st.zip  c4b7cedde015715d6b324e152e8b77d3
46  https://72.174.240.148/st.zip  c4b7cedde015715d6b324e152e8b77d3
47  https://63.248.156.246/st.zip  c4b7cedde015715d6b324e152e8b77d3
48  https://64.184.183.20/st.zip  (no hash recorded)
49  https://72.175.10.116/st.zip  c4b7cedde015715d6b324e152e8b77d3
50  https://74.116.183.136/st.zip  (no hash recorded)
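To turn a record like the one above into something a SOC can act on, here is an added example (my code, not the tracker's) that parses the tracker's raw layout (key on one line, value on the next; tidied `key: value` lines are accepted as well), pulls out the C2 host and baseport, the delivery-site hosts, the payload hash and the hard-coded user-agent, and sweeps constructed proxy-log lines for them. The record excerpt is copied from the page; the log format, the log lines and the benign Chrome user-agent are assumptions made for the demo. The user-agent check relies on the fact that Blink-based Chrome reports AppleWebKit/537.36, so the sample's 535.36 is a usable fingerprint even where the exact string drifts.

```python
import re
from urllib.parse import urlsplit
# Added example, not the tracker's code. Record excerpt copied from the page in the
# tracker's raw layout: key on one line, value on the next; an empty field is a key
# followed directly by the next key. Sites kept: #1 and #10 (no payload hash recorded).
RECORD = """\
md5
6537677ba427885e3a909fa64c0c3ac7
temp_file
c2_server
93.185.4.90
baseport
9587
useragent
Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.36 (KHTML, like Gecko) Chrome/44.0.2455.81 Safari/535.36
delivery sites:
1
https://24.220.92.193/st.zip
c4b7cedde015715d6b324e152e8b77d3
10
https://173.243.255.79/st.zip
"""
SCALAR_KEYS = {"md5", "source", "link", "malware_name", "temp_file", "scandate", "parsed",
               "decrypt_keys", "check_keys", "c2_server", "baseport", "useragent",
               "payload_format", "old", "clientip", "nr_targets", "nr_delivery_sites",
               "nr_delivery_sites_online", "nr_payloads", "ksa", "pdir"}
MD5_RE = re.compile(r"^[0-9a-f]{32}$")

def parse_record(text):
    """Parse the raw layout or tidied 'key: value' lines into scalars and delivery sites."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    scalars, sites, section, i = {}, [], "scalars", 0
    while i < len(lines):
        ln, i = lines[i], i + 1
        head = ln.split(":", 1)[0]
        if section == "scalars" and head in SCALAR_KEYS:
            if ":" in ln:                                    # 'key: value' on one line
                scalars[head] = ln.split(":", 1)[1].strip()
            elif i < len(lines) and lines[i].split(":", 1)[0] not in SCALAR_KEYS \
                    and not lines[i].endswith(":"):
                scalars[head], i = lines[i], i + 1           # value sits on the next line
            else:
                scalars[head] = ""                           # empty field, e.g. temp_file
        elif ln.endswith(":"):                               # 'delivery sites:' and similar
            section = ln[:-1]
        elif section == "delivery sites":                    # entry number, URL, optional md5
            for tok in ln.split():
                if tok.isdigit():
                    sites.append({"idx": int(tok), "url": None, "md5": None})
                elif sites and tok.startswith("http"):
                    sites[-1]["url"] = tok
                elif sites and MD5_RE.match(tok):
                    sites[-1]["md5"] = tok
    return {"scalars": scalars, "delivery_sites": sites}

def extract_iocs(record):
    """Network and file indicators a SOC would load from this record."""
    sc, sites = record["scalars"], record["delivery_sites"]
    return {
        "c2": (sc.get("c2_server", ""), int(sc.get("baseport") or 0)),
        "delivery_hosts": {urlsplit(s["url"]).hostname for s in sites if s["url"]},
        "payload_md5": {s["md5"] for s in sites if s["md5"]},
        "sites_without_hash": [s["idx"] for s in sites if not s["md5"]],
        "useragent": sc.get("useragent", ""),
    }

def ua_mismatch(ua):
    """True for a UA claiming Chrome whose AppleWebKit build is not the 537.36 Chrome reports."""
    m = re.search(r"AppleWebKit/([\d.]+) .*Chrome/", ua)
    return bool(m) and m.group(1) != "537.36"

# Constructed tab-separated proxy log: ts, client, dst_host, method, url, status, ua.
PROXY_LOG = [
    "2015-07-23T13:00:21Z\t10.1.2.3\t24.220.92.193\tGET\thttps://24.220.92.193/st.zip\t200\t"
    "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.36 (KHTML, like Gecko) Chrome/44.0.2455.81 Safari/535.36",
    "2015-07-23T13:02:05Z\t10.1.2.3\t93.185.4.90\tCONNECT\t93.185.4.90:9587\t200\t-",
    "2015-07-23T13:05:44Z\t10.1.2.9\twww.example.com\tGET\thttps://www.example.com/\t200\t"
    "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.89 Safari/537.36",
]

def match_proxy_log(log_lines, iocs):
    """Return [(client, dst_host, reasons)] for every log line that hits an IOC."""
    hits, (c2_host, c2_port) = [], iocs["c2"]
    for ln in log_lines:
        _ts, client, dst, _method, url, _status, ua = ln.split("\t")
        reasons = []
        if dst in iocs["delivery_hosts"]:
            reasons.append("delivery site host")
        if dst == c2_host:
            reasons.append("c2 host" + (" + baseport" if url.endswith(f":{c2_port}") else ""))
        if ua == iocs["useragent"]:
            reasons.append("hard-coded user-agent")
        elif ua_mismatch(ua):
            reasons.append("chrome/webkit build mismatch")
        if reasons:
            hits.append((client, dst, reasons))
    return hits
```

Feed the full record text to parse_record() and a proxy export in the column order shown to match_proxy_log(). Treat the delivery-site list as the most volatile indicator: the record itself reports only 46 of the 50 sites online on scan day, and four entries carry no payload hash, so host matches should be aged out quickly while the C2 address, baseport and user-agent string are the durable signals.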