upatre | 5f0a30e4304945e1885d63daf5f67b3d19b3df409d264301c53854eaacda5b19 | Triage

Sharing

General

Target

63111c203d09d7e94323ddd3ddbb9152_JaffaCakes118
Size

13KB
Sample

240401-a75gpagg9t
MD5

63111c203d09d7e94323ddd3ddbb9152
SHA1

2c8d694a35552a3ef5b98e9bf8f53796ec9f1089
SHA256

5f0a30e4304945e1885d63daf5f67b3d19b3df409d264301c53854eaacda5b19
SHA512

698397db499fbf4dbcbcb8a3db3909066aa7047faa168de545c554aefb03c79a187c46dafa47c299c7f3e9b41372b1bf7c23ae3c822f40ecf8c8af5fc8ccaff9
SSDEEP

384:6K+dKfzQHxFxRmyja4QhiP7UlY/pjKkFlplVDuyUylyylylylyylPh8yQ:v+dAURFxna4QAPQlYgkFlplVDuyUylyv

Score

10^/10

upatre downloader

Malware Config

Targets

- Target
  
  63111c203d09d7e94323ddd3ddbb9152_JaffaCakes118
- Size
  
  13KB
- MD5
  
  63111c203d09d7e94323ddd3ddbb9152
- SHA1
  
  2c8d694a35552a3ef5b98e9bf8f53796ec9f1089
- SHA256
  
  5f0a30e4304945e1885d63daf5f67b3d19b3df409d264301c53854eaacda5b19
- SHA512
  
  698397db499fbf4dbcbcb8a3db3909066aa7047faa168de545c554aefb03c79a187c46dafa47c299c7f3e9b41372b1bf7c23ae3c822f40ecf8c8af5fc8ccaff9
- SSDEEP
  
  384:6K+dKfzQHxFxRmyja4QhiP7UlY/pjKkFlplVDuyUylyylylylyylPh8yQ:v+dAURFxna4QAPQlYgkFlplVDuyUylyv
Score

10^/10

upatre downloader
- Upatre
  Upatre is a generic malware downloader.
  downloader upatre
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

upatredownloader

behavioral2

upatredownloader