Collection of Upatre Samples (alpha version)

Config File for bf64612ad7088748e6dbc9daa0bf9af7

md5: bf64612ad7088748e6dbc9daa0bf9af7
source: malwr
link: https://malwr.com/analysis/Njg5N2I5ZWQyODNlNDkwY2JiZmI0ODQyYWM5YjJlMjE/
malware_name: cyduor2.exe
temp_file: cdsetup.log
scandate: 2015-06-11 21:47:00
parsed: 2015-07-02 22:21:49
decrypt_keys: 16133ad1
check_keys: 4ee26880
c2_server: 188.120.194.101
baseport: 9587
useragent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/538.37 (KHTML, like Gecko) Chrome/44.0.2457.82 Safari/538.37
payload_format: reg
old: 0
clientip: icanhazip.com
nr_targets: 47
nr_delivery_sites: 46
nr_delivery_sites_online: 23
nr_payloads: 1
ksa: rol
pdir: LED22
delivered payloads:
1. 0549aa31b8717c5319b2e14251f799e8
   downloaded: 2015-07-02 22:21:49
   scanned (on VT): 2015-06-19 20:37:42
   positives: 36 / 57
   detected as:
     MicroWorld-eScan: Gen:Variant.Dyzap.16
     CAT-QuickHeal: Backdoor.NetWiredRC.B4
     Malwarebytes: Spyware.Dyre
     VIPRE: BehavesLike.Win32.Malware.bsf (vs)
     K7GW: Trojan ( 004c523f1 )
     K7AntiVirus: Trojan ( 004c523f1 )
     F-Prot: W32/Dropper.gen8!Maximus
     ESET-NOD32: Win32/TrojanDropper.Sikutan.C
     Avast: Win64:Malware-gen
     GData: Gen:Variant.Dyzap.16
     Kaspersky: Trojan-Banker.Win32.Dyre.ms
     BitDefender: Gen:Variant.Dyzap.16
     NANO-Antivirus: Trojan.Win32.Dyre.dsrstb
     Tencent: Trojan.Win32.Qudamah.Gen.7
     Ad-Aware: Gen:Variant.Dyzap.16
     Emsisoft: Gen:Variant.Dyzap.16 (B)
     Comodo: TrojWare.Win32.PWS.Dyzap.MY
     F-Secure: Gen:Variant.Dyzap.16
     McAfee-GW-Edition: BehavesLike.Win32.BadFile.jh
     Sophos: Mal/Generic-S
     Cyren: W64/Trojan.EOPK-2648
     Jiangmin: Trojan/Banker.Dyre.bq
     Avira: W32/Etap
     Antiy-AVL: Trojan/Win32.SGeneric
     AhnLab-V3: Trojan/Win32.Battdil
     Microsoft: PWS:Win32/Dyzap
     ByteHero: Virus.Win32.Part.c
     McAfee: Artemis!87E7721536D5
     AVware: BehavesLike.Win32.Malware.bsf (vs)
     VBA32: suspected of Trojan.Downloader.gen.h
     Baidu-International: Trojan.Win32.Banker.ms
     Ikarus: Win32.SuspectCrc
     Fortinet: W32/Sikutan.C!tr
     AVG: Generic_r.FEN
     Panda: Trj/Genetic.gen
     Qihoo-360: Win32/Trojan.c25
   not detected by:
     Bkav, TotalDefense, nProtect, CMC, ALYac, SUPERAntiSpyware, TheHacker, Alibaba, Agnitum, Symantec, TrendMicro-HouseCall, ClamAV, AegisLab, DrWeb, Zillya, TrendMicro, Kingsoft, Arcabit, ViRobot, Zoner, Rising
delivery sites (entries followed by a hash list the payload md5 obtained from that site):
1. https://173.248.29.43/ls22.png
2. https://109.86.226.85/ls22.png -> 0549aa31b8717c5319b2e14251f799e8
3. https://24.220.92.193/ls22.png -> 0549aa31b8717c5319b2e14251f799e8
4. https://176.36.251.208/ls22.png -> 0549aa31b8717c5319b2e14251f799e8
5. https://188.255.165.154/ls22.png
6. https://173.216.240.56/ls22.png -> 0549aa31b8717c5319b2e14251f799e8
7. https://68.190.246.142/ls22.png
8. https://188.255.169.176/ls22.png
9. https://162.255.126.8/ls22.png
10. https://75.137.112.81/ls22.png
11. https://69.163.81.211/ls22.png -> 0549aa31b8717c5319b2e14251f799e8
12. https://216.254.231.11/ls22.png -> 0549aa31b8717c5319b2e14251f799e8
13. https://24.33.131.116/ls22.png -> 0549aa31b8717c5319b2e14251f799e8
14. https://68.119.5.32/ls22.png -> 0549aa31b8717c5319b2e14251f799e8
15. https://71.194.36.73/ls22.png
16. https://97.92.125.74/ls22.png
17. https://98.204.215.92/ls22.png
18. https://70.121.191.206/ls22.png
19. https://72.230.82.80/ls22.png -> 0549aa31b8717c5319b2e14251f799e8
20. https://208.123.130.173/ls22.png
21. https://178.214.221.89/ls22.png
22. https://173.248.22.227/ls22.png -> 0549aa31b8717c5319b2e14251f799e8
23. https://173.248.31.1/ls22.png -> 0549aa31b8717c5319b2e14251f799e8
24. https://173.248.31.6/ls22.png -> 0549aa31b8717c5319b2e14251f799e8
25. https://188.255.167.4/ls22.png
26. https://173.248.27.163/ls22.png
27. https://173.243.255.79/ls22.png -> 0549aa31b8717c5319b2e14251f799e8
28. https://69.9.204.114/ls22.png -> 0549aa31b8717c5319b2e14251f799e8
29. https://73.175.203.173/ls22.png
30. https://188.255.239.34/ls22.png -> 0549aa31b8717c5319b2e14251f799e8
31. https://75.132.173.27/ls22.png
32. https://76.84.81.120/ls22.png -> 0549aa31b8717c5319b2e14251f799e8
33. https://76.28.92.4/ls22.png
34. https://65.74.106.143/ls22.png
35. https://66.191.25.136/ls22.png
36. https://98.222.64.184/ls22.png -> 0549aa31b8717c5319b2e14251f799e8
37. https://69.144.171.44/ls22.png -> 0549aa31b8717c5319b2e14251f799e8
38. https://65.33.236.173/ls22.png -> 0549aa31b8717c5319b2e14251f799e8
39. https://66.227.223.219/ls22.png
40. https://96.37.204.12/ls22.png
41. https://66.196.63.33/ls22.png -> 0549aa31b8717c5319b2e14251f799e8
42. https://71.99.130.24/ls22.png -> 0549aa31b8717c5319b2e14251f799e8
43. https://216.16.93.250/ls22.png -> 0549aa31b8717c5319b2e14251f799e8
44. https://24.19.25.40/ls22.png
45. https://98.246.210.27/ls22.png
46. https://66.196.61.218/ls22.png -> 0549aa31b8717c5319b2e14251f799e8