MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 228e569997857ac4e2682561bac13ad534f5ae98c0369874ae582cac17c63889. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Sytro


Vendor detections: 3



SHA256 hash: 228e569997857ac4e2682561bac13ad534f5ae98c0369874ae582cac17c63889
SHA3-384 hash: a74a964c2778f6b99be7eab6f1922541d566d0299d1dba17409b16fa063097eca5eeb7fe86b50518dffd7c4d2caa664d
SHA1 hash: 9a4fc21767d1a09b404b68c7b6c258d241a0161f
MD5 hash: 7b14fe4228c5d762f1cdffa76fe957c7
humanhash: south-harry-victor-black
File name: a21090874d7d9d7fed86e5a9a378d696
Signature: Sytro
File size: 65'819 bytes
First seen: 2020-11-17 11:56:59 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash ff63dc9c65eb25911a9bc535c8f06ad0 (62 x Sytro)
ssdeep 1536:zHoSCdeVMCT6ggMw4Y7FgG2xV89mTr39w6XJJzVt+DeUN:zHoLde/OgV432UcP39hXJZn+aUN
Threatray 13 similar samples on MalwareBazaar
TLSH C953027AA78294EBCAD0A779BF17E32B96724C670F050B424C641B7B57855CF40B032A
Reporter seifreed

Intelligence


File Origin
# of uploads: 1
# of downloads: 53
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Behaviour
Creating a file in the Windows subdirectories
Creating a file in the Windows directory
Threat name: Win32.Worm.Sytro
Status: Malicious
First seen: 2020-11-17 12:00:37 UTC
AV detection: 27 of 29 (93.10%)
Threat level: 5/5
Result
Malware family: n/a
Score: 8/10
Tags: upx
Behaviour
Drops file in Windows directory
Unpacked files
SHA256 hash: 228e569997857ac4e2682561bac13ad534f5ae98c0369874ae582cac17c63889
MD5 hash: 7b14fe4228c5d762f1cdffa76fe957c7
SHA1 hash: 9a4fc21767d1a09b404b68c7b6c258d241a0161f
SHA256 hash: 99ccad116a0e4dc5c0e9681f3e4d87da514827c94dd381199e0ccc8b75da88d5
MD5 hash: 49195f9535b508684616afd1c03350f6
SHA1 hash: 88d2e96bf4b53a632dbd6226b8b33c00bf5cbf9c
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Other