MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a7133f50657c42bb32b6c91205d6f2e3b8a983958f417f46bab8ac7ab955d010. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Sytro


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a7133f50657c42bb32b6c91205d6f2e3b8a983958f417f46bab8ac7ab955d010
SHA3-384 hash: 58ffc1fb2a22628120735a9cee835d6fcfc8bcd86fe8150eca2cd859e705c91e7b1ce2bd0cdbd4f45be73ea3783dc3ba
SHA1 hash: 3b44e94abb2559f0080419b546695bbb54dbb4bc
MD5 hash: 9a0932ac4bcb81b284e85ed2238295ee
humanhash: eight-nitrogen-virginia-wisconsin
File name:a040f65841a37698485e74d79062b9f0
Download: download sample
Signature Sytro
Create hunting rule
File size:62'605 bytes
First seen:2020-11-17 12:45:25 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash ff63dc9c65eb25911a9bc535c8f06ad0 (62 x Sytro)
ssdeep 1536:tHoSCdeVMCT6ggMw4Y7FgG2xV89mTr39w6XJJzVtAm6x1:tHoLde/OgV432UcP39hXJZnAmC1
Threatray 8 similar samples on MalwareBazaar
TLSH B853023AE39194D7CA94E775BB23E35F4A724C5A1F110A5248501B3F6F8E58F80E422A
Reporter seifreed

Intelligence

File Origin
# of uploads :
1
# of downloads :
78
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Packer.Upx-49
Create hunting rule

PUA.Win.Packer.UpxProtector-1
Create hunting rule

Win.Worm.Soltern-1
Create hunting rule

Win.Worm.Sytro-6803948-0
Create hunting rule

Win.Worm.Sytro-9640596-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file in the Windows subdirectories
Creating a file in the Windows directory
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a7133f50657c42bb32b6c91205d6f2e3b8a983958f417f46bab8ac7ab955d010/
Threat name:
Win32.Worm.Sytro
Create hunting rule
Status:
Malicious
First seen:
2020-11-17 12:50:54 UTC
AV detection:
27 of 29 (93.10%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
182e3d4b24640d22a78c5625a9abd0f00f59332233ea35e6418c4d0f08832639
Sytro
228e569997857ac4e2682561bac13ad534f5ae98c0369874ae582cac17c63889
Sytro
3bb4918f51f250f3030290f1260cd0683341644efb8b600bab09f9cec2529527
Sytro
40a5664e3b37ce93e0cff5d5fff0ec17035246fa3c732e78133ec46a4e1664ad
Sytro
86be9b5c03faf595b66fb18642595a0a360ab7fa98c7dbab74e2f14660215aa2
Sytro
c0c7e14d47b101ea76338ef3f77f43d9b53e5f90c7d1ce599c05b6a528c47c21
Sytro
f35dea5ceeb65f42b100de783867cc8e3df68427a16539a7154143210b5ffd48
Sytro
f85eeab2270c659083716ee569472e93d5086ffa6956767927b0d16ce3ea9f55
Sytro
Result
Malware family:
n/a
Score:
  8/10
Tags:
upx
Link:
https://tria.ge/reports/201117-kt7c687762/
Behaviour
Drops file in Windows directory
Unpacked files
SH256 hash:
a7133f50657c42bb32b6c91205d6f2e3b8a983958f417f46bab8ac7ab955d010
MD5 hash:
9a0932ac4bcb81b284e85ed2238295ee
SHA1 hash:
3b44e94abb2559f0080419b546695bbb54dbb4bc
Link:
https://www.unpac.me/results/aabfb53c-505b-4740-b6a7-a8aa35018873/
SH256 hash:
2d706647713cbb9e33d568454c763739819e1fdff042dfab91422c2537261cb4
MD5 hash:
2c168461aee868adf6924a84cbddbeb8
SHA1 hash:
fe9720a75f407b2bbfd1280bf72252bb9f31a095
Link:
https://www.unpac.me/results/aabfb53c-505b-4740-b6a7-a8aa35018873/
SH256 hash:
e1a1df1afe906d710349f1662a533ddc00edf552ccb5964c8f5db26af648f207
MD5 hash:
f14072ed4ad552a02782ceae3bd40127
SHA1 hash:
e5fe936def11bbd962ffcfac9691f941911be3c8
Link:
https://www.unpac.me/results/aabfb53c-505b-4740-b6a7-a8aa35018873/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments