Collection of Upatre Samples (alpha version)

Config File for 9d1ff4d5930e8484633f509eb3b76d53

md5: 9d1ff4d5930e8484633f509eb3b76d53
source: n/a
link: n/a
malware_name: AriMpat.exe
temp_file: Mpata8295.tmp
scandate: 0000-00-00 00:00:00
parsed: 2015-07-06 21:13:55
decrypt_keys: 137fb05b
check_keys: 5c901c2a
c2_server: 91.211.17.201
baseport: 9587
useragent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:37.0) Gecko/20100101 Firefox/37.0
payload_format: reg
old: 0
clientip: icanhazip.com
nr_targets: 17
nr_delivery_sites: 16
nr_delivery_sites_online: 5
nr_payloads: 1
ksa: dec
pdir: SATA
delivered payloads:
1. 30c699742e33ce9614618bb113a753cf
   downloaded: 2015-07-06 21:13:55
   scanned (on VT): 2015-07-06 19:13:58
   positives: 33 / 56
detected as:
MicroWorld-eScan: Gen:Trojan.Heur.DuW@IbSnc@ei
Malwarebytes: Trojan.Agent.EXP
VIPRE: BehavesLike.Win32.Malware.bsf (vs)
Agnitum: Trojan.DL.Upatre!
F-Prot: W32/Dropper.gen8!Maximus
ESET-NOD32: Win32/TrojanDropper.Sikutan.B
TrendMicro-HouseCall: TROJ_UPATRE.SMC1
Avast: Win64:Evo-gen [Susp]
GData: Gen:Trojan.Heur.DuW@IbSnc@ei
Kaspersky: Trojan-Downloader.Win32.Upatre.ipz
BitDefender: Gen:Trojan.Heur.DuW@IbSnc@ei
NANO-Antivirus: Trojan.Win32.Dyre.dscfhe
Ad-Aware: Gen:Trojan.Heur.DuW@IbSnc@ei
Emsisoft: Gen:Trojan.Heur.DuW@IbSnc@ei (B)
Comodo: TrojWare.Win32.PWS.Dyzap.MY
F-Secure: Gen:Trojan.Heur.DuW@IbSnc@ei
DrWeb: Trojan.Dyre.180
Zillya: Downloader.Upatre.Win32.26637
TrendMicro: TROJ_UPATRE.SMC1
McAfee-GW-Edition: BehavesLike.Win32.Dropper.gc
Sophos: Troj/Apolmy-C
Cyren: W64/Trojan.NRSO-8006
Jiangmin: TrojanDownloader.Upatre.ulq
Avira: TR/Crypt.EPACK.33813
Antiy-AVL: Trojan[Downloader]/Win32.Upatre
Arcabit: Trojan.Heur.EAEDBB
AhnLab-V3: Trojan/Win32.Battdil
Microsoft: PWS:Win32/Dyzap
AVware: BehavesLike.Win32.Malware.bsf (vs)
VBA32: TrojanDownloader.Upatre
Ikarus: Trojan.Win32.Exploit
AVG: Cryptic.EWT.dropper
Panda: Trj/Genetic.gen
not detected by:
Bkav, TotalDefense, nProtect, CAT-QuickHeal, ALYac, SUPERAntiSpyware, TheHacker, Alibaba, K7GW, K7AntiVirus, Symantec, ClamAV, ViRobot, Tencent, Kingsoft, AegisLab, ByteHero, McAfee, Baidu-International, Zoner, Rising, Fortinet, Qihoo-360
delivery sites: