upatre | ba936fcd3da7526247cb4f156ff7a4075e4ca4dffdf5f45a4dc0f47bd6dc37f3 | Triage

Sharing

General

Target

ba936fcd3da7526247cb4f156ff7a4075e4ca4dffdf5f45a4dc0f47bd6dc37f3
Size

4KB
Sample

230331-jmgpkagh55
MD5

64f5816cc636e4f27170fc7dc78c38c5
SHA1

757f088fbaef5695198bef0711b915e2b601c22c
SHA256

ba936fcd3da7526247cb4f156ff7a4075e4ca4dffdf5f45a4dc0f47bd6dc37f3
SHA512

f7ce5e8a7ae06e2747ace177cdb685452f2a5a1d3d4c7b29dbb76db16512347e0d029dfb1fe07ef7f23a29494dbc0cf1088f9c3cc6bcaa7e95e1f3b38bc40370
SSDEEP

48:Zdni+Wyi18DN0nCvTaE6nc9fhXcGEY3sJd9ga91RspLnA7B8mOo4jUx7OtKGc:Z0v4mUWKh9ctgC1RcLnKymV44Sh

Score

10^/10

upatre downloader

Malware Config

Targets

- Target
  
  ba936fcd3da7526247cb4f156ff7a4075e4ca4dffdf5f45a4dc0f47bd6dc37f3
- Size
  
  4KB
- MD5
  
  64f5816cc636e4f27170fc7dc78c38c5
- SHA1
  
  757f088fbaef5695198bef0711b915e2b601c22c
- SHA256
  
  ba936fcd3da7526247cb4f156ff7a4075e4ca4dffdf5f45a4dc0f47bd6dc37f3
- SHA512
  
  f7ce5e8a7ae06e2747ace177cdb685452f2a5a1d3d4c7b29dbb76db16512347e0d029dfb1fe07ef7f23a29494dbc0cf1088f9c3cc6bcaa7e95e1f3b38bc40370
- SSDEEP
  
  48:Zdni+Wyi18DN0nCvTaE6nc9fhXcGEY3sJd9ga91RspLnA7B8mOo4jUx7OtKGc:Z0v4mUWKh9ctgC1RcLnKymV44Sh
Score

10^/10

upatre downloader
- Upatre
  Upatre is a generic malware downloader.
  downloader upatre
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

upatredownloader

behavioral2

upatredownloader