MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2ea0c63e38e2806812057385443a5253c269764c33449f84ae52bafc3ad45acc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Sytro


Vendor detections: 4



SHA256 hash: 2ea0c63e38e2806812057385443a5253c269764c33449f84ae52bafc3ad45acc
SHA3-384 hash: fff9d0ddd980e185f0c410f53653633c823974eeacb61e246908b334aeb1239a7d75571a5ac843a5d263c8df1e4a380b
SHA1 hash: 42685a5329846b05102683f66a9bb66a8a38be50
MD5 hash: 4fe0b51cb40bafe9142b51db01bd8fc8
humanhash: fillet-north-yellow-seven
File name: a882b05b2d30e1f28259f3eb909b003b
Signature: Sytro
File size: 64'505 bytes
First seen: 2020-11-17 15:24:32 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: ff63dc9c65eb25911a9bc535c8f06ad0 (62 x Sytro)
ssdeep: 1536:zHoSCdeVMCT6ggMw4Y7FgG2xV89mTr39w6XJJzVtQDefp:zHoLde/OgV432UcP39hXJZnQafp
Threatray: 23 similar samples on MalwareBazaar
TLSH: 6653027AA38294EEC794A374BB13F32B56720C6B0F151B530C641B7B579A9CE40E432A
Reporter: seifreed

Intelligence


File Origin
# of uploads: 1
# of downloads: 60
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a file in the Windows subdirectories
Creating a file in the Windows directory
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Worm.Sytro
Status: Malicious
First seen: 2020-11-17 15:30:24 UTC
AV detection: 27 of 29 (93.10%)
Threat level: 5/5
Result
Malware family: n/a
Score: 8/10
Tags: upx
Behaviour
Drops file in Windows directory
Unpacked files
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method: Other
