Collection of Upatre Samples (alpha version)

Config File for a29c1659a15e30514940a9d37cf06bb7

md5: a29c1659a15e30514940a9d37cf06bb7
source: malwr
link: https://malwr.com/analysis/YmUzMDMyMDIxN2Y2NGZkNWEyMWI2YzhjOWZlOWJjNTk/
malware_name: ezywoma.exe
temp_file:
scandate: 2015-07-24 00:15:45
parsed: 2015-07-24 13:34:25
decrypt_keys: 3a0b6e58
check_keys:
c2_server: 93.185.4.90
baseport: 9587
useragent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.37 (KHTML, like Gecko) Chrome/46.0.2455.81 Safari/537.37
payload_format: sim
old: 0
clientip: checkip.dyndns.org
nr_targets: 51
nr_delivery_sites: 50
nr_delivery_sites_online: 47
nr_payloads: 1
ksa: dec
pdir: DR1
delivered payloads:
1. 0359ea843a9aebb4f2b0dfab75f77fe8
downloaded: 2015-07-24 13:34:25
scanned (on VT): 2015-07-24 11:34:10
positives: 2 / 56
detected as:
ESET-NOD32: Win32/Battdil.J
Avast: Win32:Malware-gen
not detected by:
Bkav, TotalDefense, MicroWorld-eScan, nProtect, CAT-QuickHeal, ALYac, Malwarebytes, Zillya, SUPERAntiSpyware, TheHacker, Alibaba, K7GW, K7AntiVirus, Agnitum, F-Prot, Symantec, TrendMicro-HouseCall, ClamAV, GData, Kaspersky, BitDefender, NANO-Antivirus, AegisLab, Tencent, Ad-Aware, Sophos, Comodo, F-Secure, DrWeb, VIPRE, TrendMicro, McAfee-GW-Edition, Emsisoft, Cyren, Jiangmin, Avira, Antiy-AVL, Kingsoft, Arcabit, ViRobot, AhnLab-V3, Microsoft, ByteHero, McAfee, AVware, VBA32, Baidu-International, Zoner, Rising, Ikarus, Fortinet, AVG, Panda, Qihoo-360
delivery sites: