upatre | 230016b8d26b4672b9e441061bbce9bfa73340fd0537f9b5393e37aa598cc221 | Triage

Sharing

General

Target

230016b8d26b4672b9e441061bbce9bfa73340fd0537f9b5393e37aa598cc221
Size

41KB
Sample

220612-dnd26sbfhp
MD5

a480225e454330cadd3032ef1a33680c
SHA1

d4db1606be1b24968f15eedad095743711da90cf
SHA256

230016b8d26b4672b9e441061bbce9bfa73340fd0537f9b5393e37aa598cc221
SHA512

380f4a9a3403ea90695cc973c6d9c89ca08ba16652965a864afe7b32b86237f07bf54a59d7924fc90d7995ed8ccd670a9709b790c81c2f3b6009194c9bf196bb

Score

10^/10

upatre downloader

Malware Config

Targets

- Target
  
  230016b8d26b4672b9e441061bbce9bfa73340fd0537f9b5393e37aa598cc221
- Size
  
  41KB
- MD5
  
  a480225e454330cadd3032ef1a33680c
- SHA1
  
  d4db1606be1b24968f15eedad095743711da90cf
- SHA256
  
  230016b8d26b4672b9e441061bbce9bfa73340fd0537f9b5393e37aa598cc221
- SHA512
  
  380f4a9a3403ea90695cc973c6d9c89ca08ba16652965a864afe7b32b86237f07bf54a59d7924fc90d7995ed8ccd670a9709b790c81c2f3b6009194c9bf196bb
Score

10^/10

upatre downloader
- Upatre
  Upatre is a generic malware downloader.
  downloader upatre
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

upatredownloader

behavioral2

upatredownloader