Collection of Upatre Samples (alpha version)

Config File for c178dbf7a57faccbc7b06c31bffe07d6

md5: c178dbf7a57faccbc7b06c31bffe07d6
source: malwr
link: https://malwr.com/analysis/ZGQxYmZjMzJiNDViNGEwOTliZDQ2N2IyOTM5MGVkN2I/
malware_name: xtozetut.exe
temp_file: XtopLog.txt
scandate: 2015-05-20 16:44:21
parsed: 2015-06-26 00:17:01
decrypt_keys: 6d7627f6
check_keys: 134b4e0a
c2_server: 93.185.4.90
baseport: 13920
useragent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:36.0) Gecko/20100101 Firefox/36.0
payload_format: reg
old: 0
clientip: icanhazip.com
nr_targets: 16
nr_delivery_sites: 15
nr_delivery_sites_online: 4
nr_payloads: 1
ksa: dec2
pdir: TS21
delivered payloads:
1: b56582767ff68bc1f4e2e2b90cb7f3c2
downloaded: 2015-06-26 00:17:01
scanned (on VT): 2015-06-30 15:06:35
positives: 32 / 56
detected as:
MicroWorld-eScan: Gen:Trojan.Heur.LuW@IP2mEMfi
Malwarebytes: Spyware.Dyre
VIPRE: BehavesLike.Win32.Malware.bsf (vs)
K7AntiVirus: Trojan ( 004c37eb1 )
K7GW: Trojan ( 004c37eb1 )
NANO-Antivirus: Trojan.Win32.Dyre.dsbekw
F-Prot: W32/Dropper.gen8!Maximus
TrendMicro-HouseCall: TSPY_DYRE.CMS
Avast: Win64:Evo-gen [Susp]
GData: Gen:Trojan.Heur.LuW@IP2mEMfi
Kaspersky: Trojan-Downloader.Win32.Upatre.aiaj
BitDefender: Gen:Trojan.Heur.LuW@IP2mEMfi
Ad-Aware: Gen:Trojan.Heur.LuW@IP2mEMfi
Emsisoft: Gen:Trojan.Heur.LuW@IP2mEMfi (B)
Comodo: TrojWare.Win32.PWS.Dyzap.MY
F-Secure: Gen:Trojan.Heur.LuW@IP2mEMfi
DrWeb: DLOADER.Trojan
TrendMicro: TSPY_DYRE.CMS
Sophos: Mal/Wonton-BD
Cyren: W64/Trojan.NRSO-8006
Jiangmin: TrojanDownloader.Upatre.afjh
Avira: W32/Etap
Antiy-AVL: Trojan[Downloader]/Win32.Upatre
Arcabit: Trojan.Heur.EC703F
ViRobot: Trojan.Win32.Upatre.541696[h]
Microsoft: TrojanDropper:Win32/Evotob.C
AhnLab-V3: Trojan/Win32.Battdil
AVware: BehavesLike.Win32.Malware.bsf (vs)
ESET-NOD32: Win32/TrojanDropper.Sikutan.B
Ikarus: Trojan.Win32.Crypt
AVG: Downloader.Generic14.WKS.dropper
Panda: Trj/Genetic.gen
not detected by:
Bkav, nProtect, CAT-QuickHeal, McAfee, AegisLab, Alibaba, TheHacker, Symantec, TotalDefense, ClamAV, Agnitum, SUPERAntiSpyware, ByteHero, Tencent, Zillya, McAfee-GW-Edition, Kingsoft, ALYac, VBA32, Baidu-International, Zoner, Rising, Fortinet, Qihoo-360
delivery sites: