upatre | f5c6aa8a01ca95e9e72d8a86d82c468953ec32232967cef958968a5015634b0c | Triage

Sharing

General

Target

f5c6aa8a01ca95e9e72d8a86d82c468953ec32232967cef958968a5015634b0cN.exe
Size

603KB
Sample

250103-rnx2ya1ndn
MD5

e1e3b60fddb0eac06ee822967def5b90
SHA1

3decb3eb9e5a8bd7c7c2e7b6986e51620478282a
SHA256

f5c6aa8a01ca95e9e72d8a86d82c468953ec32232967cef958968a5015634b0c
SHA512

776874837b36ae69d0da2c551d9e6eaf0f97481989a45f69c90187fb234a0e83cdca48fbf08a904e8296cb486215f6fb3dddc13bb4916b5ece50d99a0cc2d1f6
SSDEEP

12288:GAfE+BTw4yzTaS/sgeaHd6MY4f6U8BqW+v/vhP3D2:pynTTBd6OC6v/vhPT2

Score

10^/10

upatre discovery downloader

Malware Config

Targets

- Target
  
  f5c6aa8a01ca95e9e72d8a86d82c468953ec32232967cef958968a5015634b0cN.exe
- Size
  
  603KB
- MD5
  
  e1e3b60fddb0eac06ee822967def5b90
- SHA1
  
  3decb3eb9e5a8bd7c7c2e7b6986e51620478282a
- SHA256
  
  f5c6aa8a01ca95e9e72d8a86d82c468953ec32232967cef958968a5015634b0c
- SHA512
  
  776874837b36ae69d0da2c551d9e6eaf0f97481989a45f69c90187fb234a0e83cdca48fbf08a904e8296cb486215f6fb3dddc13bb4916b5ece50d99a0cc2d1f6
- SSDEEP
  
  12288:GAfE+BTw4yzTaS/sgeaHd6MY4f6U8BqW+v/vhP3D2:pynTTBd6OC6v/vhPT2
Score

10^/10

upatre discovery downloader
- Upatre
  Upatre is a generic malware downloader.
  downloader upatre
- Upatre family
  upatre
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

upatrediscoverydownloader

behavioral2

upatrediscoverydownloader