MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 90b86965b599abaf095c723c9c354213e39c5633973e6ae383a9ba1afa511a06. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Sytro

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	90b86965b599abaf095c723c9c354213e39c5633973e6ae383a9ba1afa511a06
SHA3-384 hash:	da273422f53456ebb33e6fcbd3ee3373c4e93905cb1699ad599cae109791dfd056d86a0d37da14e9d1c13d10d8cf9032
SHA1 hash:	ce571a32575c8cdd3486a374a086c5ba9fe651fe
MD5 hash:	9f27809c54cc2fec8d4910bfde51d76e
humanhash:	aspen-twenty-edward-eleven
File name:	aa016275d898725384e549e09a923263
Download:	download sample
Signature	Sytro Create hunting rule
File size:	63'859 bytes
First seen:	2020-11-17 14:50:56 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	ff63dc9c65eb25911a9bc535c8f06ad0 (62 x Sytro)
ssdeep	1536:zHoSCdeVMCT6ggMw4Y7FgG2xV89mTr39w6XJJzVtCDeulI:zHoLde/OgV432UcP39hXJZnCaulI
Threatray	18 similar samples on MalwareBazaar
TLSH	7153023AA34298EBC7D0A774BF63E32F56B20D6B0F110B534C24177B5B965CE40A423A
Reporter	seifreed

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

PUA.Win.Packer.Upx-49

PUA.Win.Packer.UpxProtector-1

Win.Worm.Soltern-1

Win.Worm.Sytro-6803948-0

Win.Worm.Sytro-9640596-0

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a file in the Windows subdirectories

Creating a file in the Windows directory

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/90b86965b599abaf095c723c9c354213e39c5633973e6ae383a9ba1afa511a06/

Threat name:

Win32.Worm.Sytro

Status:

Malicious

First seen:

2020-11-17 14:52:05 UTC

AV detection:

27 of 29 (93.10%)

Threat level:

5/5

Result

Malware family:

n/a

Score:

8/10

Tags:

upx

Link:

https://tria.ge/reports/201117-31b3yvh1aj/

Behaviour

Drops file in Windows directory

Unpacked files

SH256 hash:

90b86965b599abaf095c723c9c354213e39c5633973e6ae383a9ba1afa511a06

MD5 hash:

9f27809c54cc2fec8d4910bfde51d76e

SHA1 hash:

ce571a32575c8cdd3486a374a086c5ba9fe651fe

Link:

https://www.unpac.me/results/982838f0-4d09-4826-9368-798808438b9a/

SH256 hash:

0a0f6ff6fad225829c95bbfa4fef052fe62d9ca575a475a004183a09170de262

MD5 hash:

824f965516070103f00f9bee473bab89

SHA1 hash:

c0eb3cc954a9d308662f7d8fb5f476d8705b1014

Link:

https://www.unpac.me/results/982838f0-4d09-4826-9368-798808438b9a/

SH256 hash:

5764ac81486c64471a49e53016a1d83a1333b114ef156a1c5bfeddbd73229fa5

MD5 hash:

df947c3e7d265549597634194ad06cad

SHA1 hash:

5f3cf9e65541d0352d2d398651c9afab312d71fb

Link:

https://www.unpac.me/results/982838f0-4d09-4826-9368-798808438b9a/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

0.86

Link:

https://yomi.yoroi.company/submissions/90b86965b599abaf095c723c9c354213e39c5633973e6ae383a9ba1afa511a06

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method

Other

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample