Collection of Upatre Samples (alpha version)

Config File for 91dfa7962452210efcf02a2c1e0fd4be

md5: 91dfa7962452210efcf02a2c1e0fd4be
source: malwr
link: https://malwr.com/analysis/ODYzMTgyYjg3NDViNDBjZjk3NGMyZWY0ZmE5OTI2OWQ/
malware_name: zofapit.exe
temp_file: Zofa-12.txt
scandate: 2015-06-17 19:08:25
parsed: 2015-07-01 11:14:38
decrypt_keys: 45bbe902
check_keys: 7b211fda
c2_server: 188.120.194.101
baseport: 9587
useragent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/538.35 (KHTML, like Gecko) Chrome/43.0.2457.82 Safari/538.35
payload_format: reg
old: 0
clientip: icanhazip.com
nr_targets: 51
nr_delivery_sites: 50
nr_delivery_sites_online: 40
nr_payloads: 1
ksa: chk
pdir: Pax
delivered payloads:
1: 2c59a8b7a8e4922f0bebf0c60a97877c
  downloaded: 2015-07-01 11:14:38
  scanned (on VT): 2015-06-28 15:56:59
  positives: 38 / 56
  detected as:
    MicroWorld-eScan: Gen:Variant.Dyzap.16
    McAfee: RDN/Generic Dropper!xd
    Malwarebytes: Spyware.Dyre
    Zillya: Trojan.Dyre.Win32.186
    K7AntiVirus: Exploit ( 004c61c11 )
    K7GW: Exploit ( 004c61c11 )
    F-Prot: W32/Dropper.gen8!Maximus
    Symantec: WS.Reputation.1
    ESET-NOD32: a variant of Win32/Exploit.CVE-2013-3660.P
    TrendMicro-HouseCall: TSPY_DYRE.KE
    Avast: Win64:Malware-gen
    GData: Gen:Variant.Dyzap.16
    Kaspersky: Trojan-Banker.Win32.Dyre.qj
    BitDefender: Gen:Variant.Dyzap.16
    NANO-Antivirus: Trojan.Win32.Dyre.dszdmb
    Ad-Aware: Gen:Variant.Dyzap.16
    Emsisoft: Gen:Variant.Dyzap.16 (B)
    Comodo: TrojWare.Win32.PWS.Dyzap.MY
    F-Secure: Gen:Variant.Dyzap.16
    DrWeb: DLOADER.Trojan
    VIPRE: BehavesLike.Win32.Malware.bsf (vs)
    TrendMicro: TSPY_DYRE.KE
    McAfee-GW-Edition: BehavesLike.Win32.Dropper.jh
    Sophos: Mal/Dyreza-K
    Cyren: W32/Dropper.gen8!Maximus
    Avira: W32/Etap
    Arcabit: Trojan.Dyzap.16
    AhnLab-V3: Trojan/Win32.Dyzap
    Microsoft: TrojanDropper:Win32/Evotob
    ALYac: Gen:Variant.Dyzap.16
    AVware: BehavesLike.Win32.Malware.bsf (vs)
    VBA32: suspected of Trojan.Downloader.gen.h
    Baidu-International: Trojan.Win32.Banker.qj
    Ikarus: Trojan.Win32.Exploit
    Fortinet: W32/CVE_2013_3660.K!tr
    AVG: Generic_r.FIN
    Panda: Trj/Genetic.gen
    Qihoo-360: Win32/Virus.f88
  not detected by: Bkav, TotalDefense, nProtect, CAT-QuickHeal, Alibaba, TheHacker, Agnitum, ClamAV, ViRobot, SUPERAntiSpyware, Tencent, Jiangmin, Antiy-AVL, Kingsoft, AegisLab, ByteHero, Zoner, Rising
delivery sites (URL, followed by the MD5 of the payload retrieved from it where one was):
1: https://24.19.25.40/paxi1.dat
2: https://98.246.210.27/paxi1.dat  2c59a8b7a8e4922f0bebf0c60a97877c
3: https://66.196.61.218/paxi1.dat  2c59a8b7a8e4922f0bebf0c60a97877c
4: https://69.180.128.71/paxi1.dat
5: https://98.214.11.253/paxi1.dat  2c59a8b7a8e4922f0bebf0c60a97877c
6: https://24.148.217.188/paxi1.dat  2c59a8b7a8e4922f0bebf0c60a97877c
7: https://98.209.75.164/paxi1.dat  2c59a8b7a8e4922f0bebf0c60a97877c
8: https://76.105.248.137/paxi1.dat  2c59a8b7a8e4922f0bebf0c60a97877c
9: https://173.216.247.74/paxi1.dat  2c59a8b7a8e4922f0bebf0c60a97877c
10: https://64.111.36.35/paxi1.dat
11: https://69.9.204.16/paxi1.dat  2c59a8b7a8e4922f0bebf0c60a97877c
12: https://77.48.30.156/paxi1.dat  2c59a8b7a8e4922f0bebf0c60a97877c
13: https://77.95.195.68/paxi1.dat
14: https://37.57.144.177/paxi1.dat  2c59a8b7a8e4922f0bebf0c60a97877c
15: https://68.55.59.145/paxi1.dat  2c59a8b7a8e4922f0bebf0c60a97877c
16: https://95.143.141.50/paxi1.dat  2c59a8b7a8e4922f0bebf0c60a97877c
17: https://188.255.243.105/paxi1.dat  2c59a8b7a8e4922f0bebf0c60a97877c
18: https://95.143.132.118/paxi1.dat
19: https://194.228.203.19/paxi1.dat  2c59a8b7a8e4922f0bebf0c60a97877c
20: https://94.127.129.182/paxi1.dat  2c59a8b7a8e4922f0bebf0c60a97877c
21: https://87.249.142.189/paxi1.dat  2c59a8b7a8e4922f0bebf0c60a97877c
22: https://85.135.104.170/paxi1.dat  2c59a8b7a8e4922f0bebf0c60a97877c
23: https://76.84.81.120/paxi1.dat  2c59a8b7a8e4922f0bebf0c60a97877c
24: https://84.246.161.47/paxi1.dat  2c59a8b7a8e4922f0bebf0c60a97877c
25: https://217.168.210.122/paxi1.dat  2c59a8b7a8e4922f0bebf0c60a97877c
26: https://81.90.175.7/paxi1.dat  2c59a8b7a8e4922f0bebf0c60a97877c
27: https://62.204.250.26/paxi1.dat  2c59a8b7a8e4922f0bebf0c60a97877c
28: https://94.103.54.19/paxi1.dat
29: https://81.93.205.218/paxi1.dat  2c59a8b7a8e4922f0bebf0c60a97877c
30: https://81.93.205.251/paxi1.dat  2c59a8b7a8e4922f0bebf0c60a97877c
31: https://87.229.109.250/paxi1.dat  2c59a8b7a8e4922f0bebf0c60a97877c
32: https://216.51.193.145/paxi1.dat
33: https://96.46.103.232/paxi1.dat  2c59a8b7a8e4922f0bebf0c60a97877c
34: https://68.70.242.203/paxi1.dat  2c59a8b7a8e4922f0bebf0c60a97877c
35: https://66.215.30.118/paxi1.dat  2c59a8b7a8e4922f0bebf0c60a97877c
36: https://96.46.99.183/paxi1.dat  2c59a8b7a8e4922f0bebf0c60a97877c
37: https://96.46.100.49/paxi1.dat  2c59a8b7a8e4922f0bebf0c60a97877c
38: https://64.111.36.52/paxi1.dat  2c59a8b7a8e4922f0bebf0c60a97877c
39: https://38.124.74.146/paxi1.dat
40: https://188.255.167.90/paxi1.dat
41: https://194.106.166.22/paxi1.dat  2c59a8b7a8e4922f0bebf0c60a97877c
42: https://188.255.147.104/paxi1.dat  2c59a8b7a8e4922f0bebf0c60a97877c
43: https://188.255.236.184/paxi1.dat  2c59a8b7a8e4922f0bebf0c60a97877c
44: https://75.98.149.138/paxi1.dat  2c59a8b7a8e4922f0bebf0c60a97877c
45: https://79.101.42.247/paxi1.dat
46: https://96.46.99.215/paxi1.dat  2c59a8b7a8e4922f0bebf0c60a97877c
47: https://178.222.250.35/paxi1.dat  2c59a8b7a8e4922f0bebf0c60a97877c
48: https://94.154.107.172/paxi1.dat  2c59a8b7a8e4922f0bebf0c60a97877c
49: https://64.203.121.6/paxi1.dat  2c59a8b7a8e4922f0bebf0c60a97877c
50: https://104.174.123.66/paxi1.dat  2c59a8b7a8e4922f0bebf0c60a97877c