Collection of Upatre Samples (alpha version)

Config File for fb3e954d315da7af3bb70297ff080561

md5: fb3e954d315da7af3bb70297ff080561
source: malwr
link: https://malwr.com/analysis/ZThmZmY2N2E5ZTFhNDgyNWI2MDA4MGQ1ZjBhM2JhYWY/
malware_name: izmadza.exe
temp_file:
scandate: 2015-07-21 06:41:16
parsed: 2015-07-23 13:28:11
decrypt_keys: 7446059c
check_keys:
c2_server: 93.93.194.202
baseport: 13920
useragent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.34 (KHTML, like Gecko) Chrome/43.0.2457.82 Safari/537.34
payload_format: sim
old: 0
clientip: icanhazip.com
nr_targets: 16
nr_delivery_sites: 15
nr_delivery_sites_online: 7
nr_payloads: 1
ksa: dec
pdir: HOLD12
delivered payloads:
1
md5: 6ceb933edcbe0a59059a95213da6f0c2
downloaded: 2015-07-23 13:28:11
scanned (on VT): 2015-07-23 11:27:54
positives: 32 / 56
detected as:
MicroWorld-eScan: Gen:Variant.Kazy.651080
McAfee: Upatre-FACE!B9B1224DB15E
Malwarebytes: Trojan.Upatre
SUPERAntiSpyware: Trojan.Agent/Gen-Upatre
K7GW: Trojan ( 004c6af71 )
K7AntiVirus: Trojan ( 004c6af71 )
Symantec: Downloader.Upatre!gen9
TrendMicro-HouseCall: TROJ_UPATRE.SMX3
Avast: Win32:Upatre-N [Trj]
GData: Gen:Variant.Kazy.651080
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Kazy.651080
NANO-Antivirus: Trojan.Win32.Dyre.dtdpnr
ViRobot: Trojan.Win32.Upatre.436736.B[h]
Ad-Aware: Gen:Variant.Kazy.651080
Emsisoft: Gen:Variant.Kazy.651080 (B)
F-Secure: Gen:Variant.Kazy.651080
VIPRE: Trojan-Downloader.Win32.Upatre.f (v)
TrendMicro: TROJ_UPATRE.SMX3
McAfee-GW-Edition: Upatre-FACE!B9B1224DB15E
Jiangmin: Trojan/Banker.Dyre.ek
Antiy-AVL: Trojan[Banker]/Win32.Dyre
Arcabit: Trojan.Kazy.D9EF48
AhnLab-V3: Trojan/Win32.Upatre
Microsoft: TrojanDownloader:Win32/Upatre
ByteHero: Virus.Win32.Heur.c
ALYac: Gen:Variant.Kazy.651080
AVware: Trojan-Downloader.Win32.Upatre.f (v)
VBA32: TrojanBanker.Dyre
Fortinet: W32/Waski.F!tr
AVG: Generic_s.EVO
Panda: Trj/Genetic.gen
not detected by: Bkav, TotalDefense, nProtect, CAT-QuickHeal, Zillya, TheHacker, Alibaba, Agnitum, F-Prot, ESET-NOD32, ClamAV, Tencent, Comodo, DrWeb, Sophos, Cyren, Avira, Kingsoft, AegisLab, Baidu-International, Zoner, Rising, Ikarus, Qihoo-360
delivery sites: