MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c0c7e14d47b101ea76338ef3f77f43d9b53e5f90c7d1ce599c05b6a528c47c21. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Sytro

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	c0c7e14d47b101ea76338ef3f77f43d9b53e5f90c7d1ce599c05b6a528c47c21
SHA3-384 hash:	e366957b66700362c8b0c07abaf2db2ae985e5236b108c72ef98f28f498bf6b162fa03df05895579bd56d05aad7fcb2a
SHA1 hash:	a22f6304022a81dd90ffca304db7cd7131891f14
MD5 hash:	8c7a12714ae787fab902813d7032a55f
humanhash:	queen-colorado-sierra-eight
File name:	a04e4c68f35570573ab87ddcdb294588
Download:	download sample
Signature	Sytro Create hunting rule
File size:	65'169 bytes
First seen:	2020-11-17 11:40:02 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	ff63dc9c65eb25911a9bc535c8f06ad0 (62 x Sytro)
ssdeep	1536:zHoSCdeVMCT6ggMw4Y7FgG2xV89mTr39w6XJJzVt0Defl:zHoLde/OgV432UcP39hXJZn0afl
Threatray	3 similar samples on MalwareBazaar
TLSH	ED53023AA38294EBC7D4A374BB17F72B5672187B0F111B934C641B7B5B965CE40B032A
Reporter	seifreed

Intelligence

File Origin

# of uploads :

1

# of downloads :

60

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

PUA.Win.Packer.Upx-49

PUA.Win.Packer.UpxProtector-1

Win.Worm.Soltern-1

Win.Worm.Sytro-6803948-0

Win.Worm.Sytro-9640596-0

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a file in the Windows subdirectories

Creating a file in the Windows directory

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/c0c7e14d47b101ea76338ef3f77f43d9b53e5f90c7d1ce599c05b6a528c47c21/

Threat name:

Win32.Worm.Sytro

Status:

Malicious

First seen:

2020-11-17 11:42:26 UTC

AV detection:

28 of 29 (96.55%)

Threat level:

5/5

Verdict:

unknown

Similar samples:

3bb4918f51f250f3030290f1260cd0683341644efb8b600bab09f9cec2529527

40a5664e3b37ce93e0cff5d5fff0ec17035246fa3c732e78133ec46a4e1664ad

f35dea5ceeb65f42b100de783867cc8e3df68427a16539a7154143210b5ffd48

Result

Malware family:

n/a

Score:

8/10

Tags:

upx

Link:

https://tria.ge/reports/201117-z2fe2mwg5n/

Behaviour

Drops file in Windows directory

Unpacked files

SH256 hash:

2a1e527a9bdbf9410c864d0274f2e538b283f44b6de584cfe78b335cf5666c60

MD5 hash:

02a17f8499db7c08823b0164900aca6b

SHA1 hash:

62e440d955b28175d7b18bc92a07745ae180b57e

Link:

https://www.unpac.me/results/19aa22a4-455d-4b4d-8b75-cae75986b199/

SH256 hash:

3f4da4934d36dbb183c5b39ec326252fdb986a2c9b1272535977312f252ac8b4

MD5 hash:

de9f640d375c511479b6795e375784ce

SHA1 hash:

bae8272236eef4440ef89c1414cda1f08622df04

Link:

https://www.unpac.me/results/19aa22a4-455d-4b4d-8b75-cae75986b199/

SH256 hash:

c0c7e14d47b101ea76338ef3f77f43d9b53e5f90c7d1ce599c05b6a528c47c21

MD5 hash:

8c7a12714ae787fab902813d7032a55f

SHA1 hash:

a22f6304022a81dd90ffca304db7cd7131891f14

Link:

https://www.unpac.me/results/19aa22a4-455d-4b4d-8b75-cae75986b199/

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method

Other

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample