MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bfc13b16a87f57ac09090e30ea47e1ca3a46cf2818af733a38662fce4bf0d69b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Sytro


Vendor detections: 4



SHA256 hash: bfc13b16a87f57ac09090e30ea47e1ca3a46cf2818af733a38662fce4bf0d69b
SHA3-384 hash: eb76b8a05250c06fbd6c73624a4f6e38263746f41e2858ff68c85213a0d833e5223bce19580b90bc3bbccd1ee06b8257
SHA1 hash: c71f1252b4a1387475596c07c1e4125db0183216
MD5 hash: 7c44b4aa6ec54513d45a303d0092edd9
humanhash: magazine-red-ink-floor
File name: a80d7e081e5d93b0f0c22a324ab807c6
Signature: Sytro
File size: 64'659 bytes
First seen: 2020-11-17 15:43:53 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: ff63dc9c65eb25911a9bc535c8f06ad0 (62 x Sytro)
ssdeep: 1536:zHoSCdeVMCT6ggMw4Y7FgG2xV89mTr39w6XJJzVtJDerW:zHoLde/OgV432UcP39hXJZnJaS
Threatray: 23 similar samples on MalwareBazaar
TLSH: D353023BE74298EBC790A774BB63E32B5A720C6B1F11075708641B7B579A5CF40F422A
Reporter: seifreed

Intelligence


File Origin
# of uploads: 1
# of downloads: 65
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a file in the Windows subdirectories
Creating a file in the Windows directory
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Worm.Sytro
Status: Malicious
First seen: 2020-11-17 15:48:43 UTC
AV detection: 28 of 29 (96.55%)
Threat level: 5/5
Unpacked files
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method: Other
