upatre | 35b0c08624e805916b3e4488d12ba5f97a8a729d4a146c690c1b37db95ddffc8 | Triage

Sharing

General

Target

35b0c08624e805916b3e4488d12ba5f97a8a729d4a146c690c1b37db95ddffc8
Size

130KB
Sample

220626-3ddfbseeek
MD5

f79e4ace3ed9cdba0481aa3959115c8d
SHA1

c777373a214b38186632501ce81cd415da89f830
SHA256

35b0c08624e805916b3e4488d12ba5f97a8a729d4a146c690c1b37db95ddffc8
SHA512

1b2352458e42dde3cb6c126abce48c67fe6a0a39ad88032e4b0af5c630c10b77ad95d6def7a955ad24c4cace4bf79b8454b9b14905056bc6e06e2646c064c77e

Score

10^/10

upatre downloader

Malware Config

Targets

- Target
  
  35b0c08624e805916b3e4488d12ba5f97a8a729d4a146c690c1b37db95ddffc8
- Size
  
  130KB
- MD5
  
  f79e4ace3ed9cdba0481aa3959115c8d
- SHA1
  
  c777373a214b38186632501ce81cd415da89f830
- SHA256
  
  35b0c08624e805916b3e4488d12ba5f97a8a729d4a146c690c1b37db95ddffc8
- SHA512
  
  1b2352458e42dde3cb6c126abce48c67fe6a0a39ad88032e4b0af5c630c10b77ad95d6def7a955ad24c4cace4bf79b8454b9b14905056bc6e06e2646c064c77e
Score

10^/10

upatre downloader
- Upatre
  Upatre is a generic malware downloader.
  downloader upatre
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

upatredownloader

behavioral2

upatredownloader