Collection of Upatre Samples (alpha version)

Config File for 7c86302c7542409c5de92d35e20c116c

md5: 7c86302c7542409c5de92d35e20c116c
source: malwr
link: https://malwr.com/analysis/MjAxNTJjNWFmOTczNGMyYTgxMDgzYzFmMTU5Yzg2MWQ/
malware_name: olijohas.exe
temp_file: tmp-73EA.txt
scandate: 2015-06-30 06:06:32
parsed: 2015-07-01 10:05:36
decrypt_keys: 45bbe902
check_keys: 7b211fda
c2_server: 188.120.194.101
baseport: 9587
useragent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/538.35 (KHTML, like Gecko) Chrome/43.0.2457.82 Safari/538.35
payload_format: reg
old: 0
clientip: icanhazip.com
nr_targets: 51
nr_delivery_sites: 50
nr_delivery_sites_online: 40
nr_payloads: 1
ksa: chk
pdir: max22
delivered payloads:
1  4a97effe251683b424bdaf69825420a8
downloaded: 2015-06-29 21:03:32
scanned (on VT): 2015-06-29 09:37:56
positives: 36 / 56
detected as:
MicroWorld-eScan: Gen:Variant.Dyzap.16
McAfee: Artemis!3D54D7386F58
Malwarebytes: Spyware.Dyre
VIPRE: BehavesLike.Win32.Malware.bsf (vs)
K7AntiVirus: Exploit ( 004c61c11 )
BitDefender: Gen:Variant.Dyzap.16
K7GW: Exploit ( 004c61c11 )
NANO-Antivirus: Trojan.Win32.Dyre.dswbyd
F-Prot: W32/Dropper.gen8!Maximus
ESET-NOD32: a variant of Win32/Exploit.CVE-2013-3660.P
TrendMicro-HouseCall: TSPY_DYRE.YYSL
Avast: Win64:Malware-gen
GData: Gen:Variant.Dyzap.16
Kaspersky: Trojan-Banker.Win32.Dyre.qe
Ad-Aware: Gen:Variant.Dyzap.16
Sophos: Mal/Generic-L
Comodo: TrojWare.Win32.PWS.Dyzap.MY
F-Secure: Gen:Variant.Dyzap.16
DrWeb: Trojan.DownLoader14.4510
TrendMicro: TSPY_DYRE.YYSL
McAfee-GW-Edition: BehavesLike.Win32.BadFile.jh
Emsisoft: Gen:Variant.Dyzap.16 (B)
Cyren: W32/Dropper.gen8!Maximus
Avira: W32/Etap
Arcabit: Trojan.Dyzap.16
AhnLab-V3: Trojan/Win32.Dyzap
Microsoft: TrojanDropper:Win32/Evotob
ALYac: Gen:Variant.Dyzap.16
AVware: BehavesLike.Win32.Malware.bsf (vs)
VBA32: suspected of Trojan.Downloader.gen.h
Baidu-International: Trojan.Win32.Banker.qe
Ikarus: Trojan.Win32.Battdil
Fortinet: W32/CVE_2013_3660.P!tr
AVG: Generic_r.FIN
Panda: Trj/Genetic.gen
Qihoo-360: Win32/Trojan.ae7
not detected by: Bkav, nProtect, CAT-QuickHeal, AegisLab, TheHacker, Symantec, ClamAV, Alibaba, Agnitum, ViRobot, ByteHero, Tencent, Zillya, Jiangmin, Antiy-AVL, Kingsoft, SUPERAntiSpyware, TotalDefense, Zoner, Rising
delivery sites (50 listed, 40 online; an online site's line ends with the md5 of the payload it served):
1  https://24.19.25.40/maxi22.png
2  https://98.246.210.27/maxi22.png  4a97effe251683b424bdaf69825420a8
3  https://66.196.61.218/maxi22.png  4a97effe251683b424bdaf69825420a8
4  https://69.180.128.71/maxi22.png
5  https://98.214.11.253/maxi22.png  4a97effe251683b424bdaf69825420a8
6  https://24.148.217.188/maxi22.png  4a97effe251683b424bdaf69825420a8
7  https://98.209.75.164/maxi22.png  4a97effe251683b424bdaf69825420a8
8  https://76.105.248.137/maxi22.png  4a97effe251683b424bdaf69825420a8
9  https://173.216.247.74/maxi22.png  4a97effe251683b424bdaf69825420a8
10  https://64.111.36.35/maxi22.png
11  https://69.9.204.16/maxi22.png  4a97effe251683b424bdaf69825420a8
12  https://77.48.30.156/maxi22.png  4a97effe251683b424bdaf69825420a8
13  https://77.95.195.68/maxi22.png  4a97effe251683b424bdaf69825420a8
14  https://37.57.144.177/maxi22.png  4a97effe251683b424bdaf69825420a8
15  https://68.55.59.145/maxi22.png  4a97effe251683b424bdaf69825420a8
16  https://95.143.141.50/maxi22.png  4a97effe251683b424bdaf69825420a8
17  https://188.255.243.105/maxi22.png
18  https://95.143.132.118/maxi22.png
19  https://194.228.203.19/maxi22.png  4a97effe251683b424bdaf69825420a8
20  https://94.127.129.182/maxi22.png  4a97effe251683b424bdaf69825420a8
21  https://87.249.142.189/maxi22.png  4a97effe251683b424bdaf69825420a8
22  https://85.135.104.170/maxi22.png  4a97effe251683b424bdaf69825420a8
23  https://76.84.81.120/maxi22.png  4a97effe251683b424bdaf69825420a8
24  https://84.246.161.47/maxi22.png  4a97effe251683b424bdaf69825420a8
25  https://217.168.210.122/maxi22.png  4a97effe251683b424bdaf69825420a8
26  https://81.90.175.7/maxi22.png  4a97effe251683b424bdaf69825420a8
27  https://62.204.250.26/maxi22.png  4a97effe251683b424bdaf69825420a8
28  https://94.103.54.19/maxi22.png
29  https://81.93.205.218/maxi22.png  4a97effe251683b424bdaf69825420a8
30  https://81.93.205.251/maxi22.png  4a97effe251683b424bdaf69825420a8
31  https://87.229.109.250/maxi22.png  4a97effe251683b424bdaf69825420a8
32  https://216.51.193.145/maxi22.png  4a97effe251683b424bdaf69825420a8
33  https://96.46.103.232/maxi22.png  4a97effe251683b424bdaf69825420a8
34  https://68.70.242.203/maxi22.png  4a97effe251683b424bdaf69825420a8
35  https://66.215.30.118/maxi22.png  4a97effe251683b424bdaf69825420a8
36  https://96.46.99.183/maxi22.png  4a97effe251683b424bdaf69825420a8
37  https://96.46.100.49/maxi22.png  4a97effe251683b424bdaf69825420a8
38  https://64.111.36.52/maxi22.png  4a97effe251683b424bdaf69825420a8
39  https://38.124.74.146/maxi22.png
40  https://188.255.167.90/maxi22.png
41  https://194.106.166.22/maxi22.png  4a97effe251683b424bdaf69825420a8
42  https://188.255.147.104/maxi22.png  4a97effe251683b424bdaf69825420a8
43  https://188.255.236.184/maxi22.png
44  https://75.98.149.138/maxi22.png  4a97effe251683b424bdaf69825420a8
45  https://79.101.42.247/maxi22.png
46  https://96.46.99.215/maxi22.png  4a97effe251683b424bdaf69825420a8
47  https://178.222.250.35/maxi22.png  4a97effe251683b424bdaf69825420a8
48  https://94.154.107.172/maxi22.png  4a97effe251683b424bdaf69825420a8
49  https://64.203.121.6/maxi22.png  4a97effe251683b424bdaf69825420a8
50  https://104.174.123.66/maxi22.png  4a97effe251683b424bdaf69825420a8