MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4b27dd8b9f2a9266d60b391b904293e8197e8b9a8cdca68a6dc0dece171d58e8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Sytro


Vendor detections: 5



SHA256 hash: 4b27dd8b9f2a9266d60b391b904293e8197e8b9a8cdca68a6dc0dece171d58e8
SHA3-384 hash: bcdaea3f1856149882bdaacfb6d0f9f6c775389a5db757a7989a7c07cee475a3b1c4c4316aaeec732ff4383ad39181b2
SHA1 hash: a93557f040a5a52501722a137169618a6409be95
MD5 hash: a4f9fb39c0b64c074acc08e6d4938dd8
humanhash: lithium-green-artist-april
File name: aa057069ec66f6e2d16d7be8412991f1
Signature Sytro
File size: 223'736 bytes
First seen: 2020-11-17 14:43:48 UTC
Last seen: Never
File type: Executable exe
MIME type:application/x-dosexec
imphash ff63dc9c65eb25911a9bc535c8f06ad0 (62 x Sytro)
ssdeep 6144:+su1YDl4Ji96fO3TmfMkf5QNm9jFbX47o:+rK4JnfO3qfv5X9jFDEo
Threatray 18 similar samples on MalwareBazaar
TLSH 7724126D8F469DE5D21B4834738EAF30239EAE9C539E17439C94BB146178320F9B2D0B
Reporter seifreed

Intelligence


File Origin
# of uploads: 1
# of downloads: 58
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware

Behaviour
Creating a file in the Windows subdirectories
Creating a file in the Windows directory
Threat name: Win32.Worm.Sytro
Status: Malicious
First seen: 2020-11-17 14:44:45 UTC
AV detection: 27 of 29 (93.10%)
Threat level: 5/5
Result
Malware family: n/a
Score: 8/10
Tags: upx
Behaviour
Drops file in Windows directory
Unpacked files
SHA256 hash:
4b27dd8b9f2a9266d60b391b904293e8197e8b9a8cdca68a6dc0dece171d58e8
MD5 hash:
a4f9fb39c0b64c074acc08e6d4938dd8
SHA1 hash:
a93557f040a5a52501722a137169618a6409be95
SHA256 hash:
a6b9aa24c1538cf212f99eb7cdc6d6b51807c96a5fd262c83cfe7a808df5c446
MD5 hash:
3ac05535fd168cac88b87ae949d3984c
SHA1 hash:
5fbcc34fff24ef3977454becb2890b26894c5b08
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method: Other
