MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bd05c16d48b2a0abfc57c2b57844b273cea725c3ecf83d3e4d7fc9b995046aab. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Sytro

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	bd05c16d48b2a0abfc57c2b57844b273cea725c3ecf83d3e4d7fc9b995046aab
SHA3-384 hash:	87f29489691dbcbc97e48847418ac79a91ec94672b50a6aa58babe7b8c24dffb68079bbbf7314646a528f5bb237ea346
SHA1 hash:	08e644c20436bc5cdb450683ff5869361dace7db
MD5 hash:	94ffbe3723daba80ecb356a393d20821
humanhash:	uncle-carolina-neptune-batman
File name:	a41f9c301b2e1b17b3546dbfb00a8311
Download:	download sample
Signature	Sytro Create hunting rule
File size:	64'973 bytes
First seen:	2020-11-17 14:16:53 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	ff63dc9c65eb25911a9bc535c8f06ad0 (62 x Sytro)
ssdeep	1536:zHoSCdeVMCT6ggMw4Y7FgG2xV89mTr39w6XJJzVtCDefC:zHoLde/OgV432UcP39hXJZnCafC
Threatray	20 similar samples on MalwareBazaar
TLSH	2053027AA38294EBC7D0A374BB53F72B5672187B0F110B974C241B7B5B965CE40B032A
Reporter	seifreed

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

PUA.Win.Packer.Upx-49

PUA.Win.Packer.UpxProtector-1

Win.Worm.Soltern-1

Win.Worm.Sytro-6803948-0

Win.Worm.Sytro-9640596-0

Result

Verdict:

Malware

Maliciousness:

Behaviour

Sending a UDP request

Creating a file in the Windows subdirectories

Creating a file in the Windows directory

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/bd05c16d48b2a0abfc57c2b57844b273cea725c3ecf83d3e4d7fc9b995046aab/

Threat name:

Win32.Worm.Sytro

Status:

Malicious

First seen:

2020-11-17 14:18:16 UTC

AV detection:

28 of 29 (96.55%)

Threat level:

5/5

Result

Malware family:

n/a

Score:

8/10

Tags:

upx

Link:

https://tria.ge/reports/201117-3w84svm9mj/

Behaviour

Drops file in Windows directory

Unpacked files

SH256 hash:

bd05c16d48b2a0abfc57c2b57844b273cea725c3ecf83d3e4d7fc9b995046aab

MD5 hash:

94ffbe3723daba80ecb356a393d20821

SHA1 hash:

08e644c20436bc5cdb450683ff5869361dace7db

Link:

https://www.unpac.me/results/89f2de24-96d7-46f6-9b4e-7fbeeeaa86da/

SH256 hash:

3f8ebb305184c4193ef93587b9d807146d18f7b3fbfc0d5a1ac06a987fd84830

MD5 hash:

691ea3e3a7349a333e320c89268903e1

SHA1 hash:

faa795d30a286f8cd38cc661287229ec77315760

Link:

https://www.unpac.me/results/89f2de24-96d7-46f6-9b4e-7fbeeeaa86da/

SH256 hash:

9faa4c034dd697bd11c79858a049fbd6583fdeb3be8310825a896a15450c8125

MD5 hash:

a6301c6c489f727a156e16f8f2a85f92

SHA1 hash:

7c098a17eebf3942cfd1d47f4344a386c2efda09

Link:

https://www.unpac.me/results/89f2de24-96d7-46f6-9b4e-7fbeeeaa86da/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/bd05c16d48b2a0abfc57c2b57844b273cea725c3ecf83d3e4d7fc9b995046aab

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method

Other

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample