upatre | 885645cf1a525da5964bc13dd1b4cfcb6b264ea63c3fd4851a04d37cea4fff11 | Triage

Sharing

General

Target

NEAS.60d4eef014fa37a87ad389ab17fcca40.exe
Size

291KB
Sample

231101-httr2aca4x
MD5

60d4eef014fa37a87ad389ab17fcca40
SHA1

a6c22a1482b5a45b6b818397fc5fda09d7316f4c
SHA256

885645cf1a525da5964bc13dd1b4cfcb6b264ea63c3fd4851a04d37cea4fff11
SHA512

addc40b253e7ff1a8d0a7db04867b88ce85f9f2007dbd72090c7bb4eb0d25db3a6ef47353064898a373f68aff774f1beacd6d4e69768a38277f86182cbd7f397
SSDEEP

3072:GY9CUT62/UOVNu5YKZmRoWM4pkcrIobbZ5QzN2Vs/2xdqWnaf+y6SiG/sMFvkzX/:GY9C8QyNRQbobbfQ8V+W7MeO8l53

Score

10^/10

upatre downloader

Malware Config

Targets

- Target
  
  NEAS.60d4eef014fa37a87ad389ab17fcca40.exe
- Size
  
  291KB
- MD5
  
  60d4eef014fa37a87ad389ab17fcca40
- SHA1
  
  a6c22a1482b5a45b6b818397fc5fda09d7316f4c
- SHA256
  
  885645cf1a525da5964bc13dd1b4cfcb6b264ea63c3fd4851a04d37cea4fff11
- SHA512
  
  addc40b253e7ff1a8d0a7db04867b88ce85f9f2007dbd72090c7bb4eb0d25db3a6ef47353064898a373f68aff774f1beacd6d4e69768a38277f86182cbd7f397
- SSDEEP
  
  3072:GY9CUT62/UOVNu5YKZmRoWM4pkcrIobbZ5QzN2Vs/2xdqWnaf+y6SiG/sMFvkzX/:GY9C8QyNRQbobbfQ8V+W7MeO8l53
Score

10^/10

upatre downloader
- Upatre
  Upatre is a generic malware downloader.
  downloader upatre
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

upatredownloader

behavioral2

upatredownloader