NUEVAS VARIANTES DE DOWNLOADER UPATRE QUE LLEGAN ANEXADAS A MAILS MASIVOS

Siguen llegando mails anexando nuevas variantes de Downloader UPATRE que vamos controlando con el ELISTARA 32.90 de hoy

El preanalisis de virustotal de las ultimas recibidas ofrecen estos informes:

MD5 73959ceef0625427b4287cd9e403c2b2
SHA1 ff4cc759a49ef9e204d4733ee2033712e086a15c
File size 517.5 KB ( 529920 bytes )
SHA256: d931a4346202421ce593e95207193007c99ea62752ebabef6dc026f92697d229
File name: 73959ceef0625427b4287cd9e403c2b2
Detection ratio: 27 / 56
Analysis date: 2015-09-08 12:12:38 UTC ( 48 minutes ago )

0 1
Antivirus Result Update
AVG Ransomer.JTS 20150908
Ad-Aware Trojan.GenericKD.2708463 20150908
AhnLab-V3 Trojan/Win32.Dyzap 20150908
Avast Win32:Malware-gen 20150908
Avira TR/Rogue.aioigb 20150908
Baidu-International Trojan.Win32.Battdil.AS 20150908
BitDefender Trojan.GenericKD.2708463 20150908
Bkav HW32.Packed.B57C 20150908
DrWeb Trojan.Dyre.586 20150908
ESET-NOD32 Win32/Battdil.AS 20150908
Emsisoft Trojan.GenericKD.2708463 (B) 20150908
F-Secure Trojan.GenericKD.2708463 20150908
GData Trojan.GenericKD.2708463 20150908
Ikarus Trojan.Inject 20150908
Kaspersky HEUR:Trojan.Win32.Generic 20150908
Malwarebytes Spyware.Dyre 20150908
McAfee Artemis!73959CEEF062 20150908
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.hh 20150907
MicroWorld-eScan Trojan.GenericKD.2708463 20150908
Microsoft PWS:Win32/Dyzap 20150908
Panda Trj/Dyzap.A 20150908
Qihoo-360 HEUR/QVM20.1.Malware.Gen 20150908
Sophos Mal/Upatre-AA 20150908
TrendMicro TSPY_DYRE.XXA 20150908
TrendMicro-HouseCall TSPY_DYRE.XXA 20150908
VIPRE Trojan.Win32.Generic!BT 20150908
nProtect Trojan.GenericKD.2708463 20150908

y este otro:

MD5 e094cba65a28a6a70e99b6945eee943a
SHA1 283645db3bd3b9e0557c9414f4af137a96b86932
File size 517.0 KB ( 529408 bytes )
SHA256: 339c80cd04345ac2bc01d964638a326c414036199ee7ea06f7e5025067dbb3d0
File name: Lizalifek.exe
Detection ratio: 26 / 56
Analysis date: 2015-09-08 13:05:05 UTC ( 2 minutes ago )

0 2
Antivirus Result Update
AVG Crypt4.CGAJ 20150908
Ad-Aware Trojan.GenericKD.2708695 20150908
Avast Win32:Malware-gen 20150908
Avira TR/Rogue.aioigd 20150908
Baidu-International Adware.Win32.iBryte.DVZD 20150908
BitDefender Trojan.GenericKD.2708695 20150908
Bkav HW32.Packed.85B3 20150908
ByteHero Trojan.Malware.Obscu.Gen.002 20150908
ESET-NOD32 a variant of Win32/Kryptik.DVZD 20150908
F-Secure Trojan.GenericKD.2708695 20150908
GData Trojan.GenericKD.2708695 20150908
Ikarus Trojan.Win32.Crypt 20150908
K7AntiVirus Trojan ( 004ced301 ) 20150908
K7GW Trojan ( 004ced301 ) 20150908
Kaspersky HEUR:Trojan.Win32.Generic 20150908
Malwarebytes Spyware.Dyre 20150908
McAfee Artemis!E094CBA65A28 20150908
McAfee-GW-Edition BehavesLike.Win32.PWSZbot.hh 20150907
MicroWorld-eScan Trojan.GenericKD.2708695 20150908
Microsoft Trojan:Win32/Bulta!rfn 20150908
Panda Trj/Genetic.gen 20150908
Qihoo-360 HEUR/QVM20.1.Malware.Gen 20150908
Sophos Mal/Upatre-AA 20150908
TrendMicro TSPY_DYRE.XXA 20150908
TrendMicro-HouseCall TSPY_DYRE.XXA 20150908
nProtect Trojan.GenericKD.2708695 20150908

y este último recien llegado:

MD5 27aa27b1377987ebda06c15d355cd189
SHA1 91bcf64c392befddd6ae8937d21b75a935d6060e
File size 600.5 KB ( 614912 bytes )
SHA256: 9e64daf2d47dcf7d2621306874d8a422f28f8ebfa387dfa0b70aa3c9d33aade0
File name: Fuzipiv.exe
Detection ratio: 6 / 57
Analysis date: 2015-09-08 13:10:03 UTC ( 2 minutes ago )

0 1
Antivirus Result Update
AhnLab-V3 Trojan/Win32.Dyre 20150908
ESET-NOD32 a variant of Win32/Kryptik.DWCI 20150908
Fortinet W32/Monlin.A!tr 20150908
Panda Trj/Genetic.gen 20150908
Qihoo-360 HEUR/QVM02.0.Malware.Gen 20150908
Tencent Win32.Trojan.Inject.Auto 20150908

Dado que este ultimo aun no lo controlan ni McAfee ni Kaspersky, ya se lo hemos enviado a dichos fabricante para que añadan su control y eliminacion en las proximas versiones de sus productos.

Dicha version del ELISTARA 32.90 que los detectan y eliminan, estará disponible en nuestra web a partir de las 19 h CEST de hoy

saludos

ms, 8-9-2015