Collection of Upatre Samples (alpha version)

Config File for b9deba5aa70b91a323eb1cbff757ce41

md5: b9deba5aa70b91a323eb1cbff757ce41
source: malwr
link: https://malwr.com/analysis/OWRlMWYxOTNkN2JlNGM1OTk1MGVlMDJkY2M4NGQ1MTY/
malware_name: vipkewek.exe
temp_file:
scandate: 2015-07-22 08:20:59
parsed: 2015-07-26 11:16:20
decrypt_keys: 3458a145
check_keys:
c2_server: 93.185.4.90
baseport: 13920
useragent: FixUpdate
payload_format: sim
old: 0
clientip: icanhazip.com
nr_targets: 51
nr_delivery_sites: 50
nr_delivery_sites_online: 45
nr_payloads: 1
ksa: dec
pdir: S11
delivered payloads:
1: 0161484e56b3c681f3b36cc80f454363
downloaded: 2015-07-26 11:16:20
scanned (on VT): 2015-07-22 15:30:16
positives: 5 / 56
detected as:
Bkav: HW32.Packed.2A39
Symantec: Suspicious.Cloud.5
TrendMicro-HouseCall: TROJ_UPATRE.SMJT
Kaspersky: UDS:DangerousObject.Multi.Generic
TrendMicro: TROJ_UPATRE.SMJT
not detected by: TotalDefense, MicroWorld-eScan, nProtect, CAT-QuickHeal, ALYac, Malwarebytes, Zillya, AegisLab, K7AntiVirus, Alibaba, K7GW, TheHacker, NANO-Antivirus, Cyren, ESET-NOD32, Avast, ClamAV, GData, BitDefender, Agnitum, SUPERAntiSpyware, Tencent, Ad-Aware, Sophos, Comodo, F-Secure, DrWeb, VIPRE, McAfee-GW-Edition, Emsisoft, F-Prot, Jiangmin, Avira, Antiy-AVL, Kingsoft, Arcabit, ViRobot, AhnLab-V3, Microsoft, ByteHero, McAfee, AVware, VBA32, Baidu-International, Zoner, Rising, Ikarus, Fortinet, AVG, Panda, Qihoo-360
delivery sites: