Collection of Upatre Samples (alpha version)

Config File for f7c6c92cdeb5471fe3ec07122646e3f2

md5: f7c6c92cdeb5471fe3ec07122646e3f2
source: malwr
link: https://malwr.com/analysis/MjQzMTE0MmI3ZDBlNDhiZjlmM2EwN2U0OTVhZmI3N2E/
malware_name: filnamer.exe
temp_file: LogB5DE.tmp
scandate: 2015-05-14 23:07:34
parsed: 2015-06-29 22:07:24
decrypt_keys: 137fb05b
check_keys: 5c901c2a
c2_server: 91.211.17.201
baseport: 13920
useragent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:37.0) Gecko/20100101 Firefox/37.0
payload_format: reg
old: 0
clientip: icanhazip.com
nr_targets: 17
nr_delivery_sites: 16
nr_delivery_sites_online: 5
nr_payloads: 1
ksa: dec
pdir: SAT22
delivered payloads:
1. f04ccd517220fee55abe422618614f8f
   downloaded: 2015-06-29 22:07:24
   scanned (on VT): 2015-05-26 13:12:37
   positives: 39 / 57
   detected as:
     MicroWorld-eScan        Gen:Trojan.Heur.DuW@IHYBALai
     McAfee                  Artemis!080D19A66855
     Malwarebytes            Spyware.Dyre
     Zillya                  Downloader.Upatre.Win32.26637
     K7GW                    Trojan ( 004bed481 )
     K7AntiVirus             Trojan ( 004bed481 )
     Agnitum                 Trojan.DL.Upatre!
     F-Prot                  W32/Dropper.gen8!Maximus
     Symantec                WS.Reputation.1
     TrendMicro-HouseCall    Suspicious_GEN.F47V0525
     Avast                   Win64:Evo-gen [Susp]
     Kaspersky               Trojan-Downloader.Win32.Upatre.ipz
     BitDefender             Gen:Trojan.Heur.DuW@IHYBALai
     NANO-Antivirus          Trojan.Win32.Upatre.drqrgu
     Tencent                 Win32.Trojan-downloader.Upatre.Dbh
     Ad-Aware                Gen:Trojan.Heur.DuW@IHYBALai
     Emsisoft                Gen:Trojan.Heur.DuW@IHYBALai (B)
     Comodo                  TrojWare.Win32.PWS.Dyzap.MY
     F-Secure                Gen:Trojan.Heur.DuW@IHYBALai
     DrWeb                   Trojan.Dyre.180
     VIPRE                   BehavesLike.Win32.Malware.bsf (vs)
     TrendMicro              TROJ_UPATRE.SMC1
     McAfee-GW-Edition       BehavesLike.Win32.Dropper.gc
     Sophos                  Troj/Apolmy-C
     Cyren                   W64/Trojan.NRSO-8006
     Jiangmin                TrojanDownloader.Upatre.ulq
     Avira                   TR/Crypt.EPACK.33805
     Antiy-AVL               Trojan[Downloader]/Win32.Upatre
     Microsoft               PWS:Win32/Dyzap
     GData                   Gen:Trojan.Heur.DuW@IHYBALai
     AhnLab-V3               Trojan/Win32.Agent
     AVware                  BehavesLike.Win32.Malware.bsf (vs)
     Baidu-International     Trojan.Win32.Upatre.ipz
     ESET-NOD32              Win32/Battdil.Q
     Ikarus                  Trojan.Win32.Exploit
     Fortinet                W32/Upatre.C!tr
     AVG                     Cryptic.EWT.dropper
     Panda                   Trj/Genetic.gen
     Qihoo-360               Win32/Trojan.5a2
   not detected by:
     Bkav, nProtect, CMC, CAT-QuickHeal, SUPERAntiSpyware, TheHacker, Alibaba, Norman, TotalDefense, ClamAV, ViRobot, ByteHero, Kingsoft, AegisLab, ALYac, VBA32, Zoner, Rising
delivery sites: