MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 40a5664e3b37ce93e0cff5d5fff0ec17035246fa3c732e78133ec46a4e1664ad. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Sytro

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	40a5664e3b37ce93e0cff5d5fff0ec17035246fa3c732e78133ec46a4e1664ad
SHA3-384 hash:	136631ff440db93f30707716bf5f1c1b7bda0ddd7988bfe0830adc70f83e9cbff790ad89d826767874ea23d97f0d241b
SHA1 hash:	13812e327fa8edc527d39900010ec7755829b7be
MD5 hash:	5ec64e4c89ac6cbea940402ac8fd2e5b
humanhash:	nineteen-xray-white-batman
File name:	a1e091f8b57b7da2d94f1a1f62106798
Download:	download sample
Signature	Sytro Create hunting rule
File size:	64'091 bytes
First seen:	2020-11-17 11:39:38 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	ff63dc9c65eb25911a9bc535c8f06ad0 (62 x Sytro)
ssdeep	1536:zHoSCdeVMCT6ggMw4Y7FgG2xV89mTr39w6XJJzVtlDeulJ:zHoLde/OgV432UcP39hXJZnlaulJ
Threatray	3 similar samples on MalwareBazaar
TLSH	2B53027AA34294EBC6D0A374BB63E32B56B21D6B0F1107974C24177B57869CE40B433B
Reporter	seifreed

Intelligence

File Origin

# of uploads :

1

# of downloads :

64

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

PUA.Win.Packer.Upx-49

PUA.Win.Packer.UpxProtector-1

Win.Worm.Soltern-1

Win.Worm.Sytro-6803948-0

Win.Worm.Sytro-9640596-0

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a file in the Windows subdirectories

Creating a file in the Windows directory

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/40a5664e3b37ce93e0cff5d5fff0ec17035246fa3c732e78133ec46a4e1664ad/

Threat name:

Win32.Worm.Sytro

Status:

Malicious

First seen:

2020-11-17 11:42:15 UTC

AV detection:

40 of 48 (83.33%)

Threat level:

5/5

Verdict:

unknown

Similar samples:

3bb4918f51f250f3030290f1260cd0683341644efb8b600bab09f9cec2529527

c0c7e14d47b101ea76338ef3f77f43d9b53e5f90c7d1ce599c05b6a528c47c21

f35dea5ceeb65f42b100de783867cc8e3df68427a16539a7154143210b5ffd48

Result

Malware family:

n/a

Score:

8/10

Tags:

upx

Link:

https://tria.ge/reports/201117-7byl9f2252/

Behaviour

Drops file in Windows directory

Unpacked files

SH256 hash:

40a5664e3b37ce93e0cff5d5fff0ec17035246fa3c732e78133ec46a4e1664ad

MD5 hash:

5ec64e4c89ac6cbea940402ac8fd2e5b

SHA1 hash:

13812e327fa8edc527d39900010ec7755829b7be

Link:

https://www.unpac.me/results/e862d9ed-f3f3-46e7-846c-c7618387007e/

SH256 hash:

126cdcf8b84660d1429f896a834d3abf1d4ca87a29328c0dd330bb02eb83e1d2

MD5 hash:

898113fb2051741dc4e47987520ff6ef

SHA1 hash:

7cdc042ac0e4895ce706b8000fb668bfea47e860

Link:

https://www.unpac.me/results/e862d9ed-f3f3-46e7-846c-c7618387007e/

SH256 hash:

6f7cb0342c1a5ebf993342fd0667d1f926b47da9c4b20397a16cf5f6e507a58c

MD5 hash:

1fba542ca141dd78dae71c6c5b195d61

SHA1 hash:

ef535c186bc2f1fd2f21d4c1540e91bfd0163e21

Link:

https://www.unpac.me/results/e862d9ed-f3f3-46e7-846c-c7618387007e/

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method

Other

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample