MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cb869c32bc4d4a5d9e49f9727aca8c4d49b01391d4c8774a7146c55d64ac0078. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Sytro


Vendor detections: 4



SHA256 hash: cb869c32bc4d4a5d9e49f9727aca8c4d49b01391d4c8774a7146c55d64ac0078
SHA3-384 hash: d90e52608032d463ed1bb64d0f989014b78e7c02410035d6e64cfb4dc99fb0fdba59f32d94b97b7603f9e3146e3c212a
SHA1 hash: 8aa75e25ec9731ffde3063bc73c8f63d6840ea07
MD5 hash: 29efafffe05e31c127d3e75dce95e310
humanhash: angel-crazy-harry-carbon
File name: a6f3ecb1eee8eae97fae7fb42a52fe7a
Signature: Sytro
File size: 64'698 bytes
First seen: 2020-11-17 15:23:39 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: ff63dc9c65eb25911a9bc535c8f06ad0 (62 x Sytro)
ssdeep: 1536:zHoSCdeVMCT6ggMw4Y7FgG2xV89mTr39w6XJJzVtiDerxI:zHoLde/OgV432UcP39hXJZniaFI
Threatray: 23 similar samples on MalwareBazaar
TLSH: 0D53023BA34298EFC690A3B4BB63F32B65B21C661F1517534C241B7B57865CF81B432A
Reporter: seifreed

Intelligence


File Origin
# of uploads: 1
# of downloads: 63
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a file in the Windows subdirectories
Creating a file in the Windows directory
Sending a UDP request

Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result
Threat name: Win32.Worm.Sytro
Status: Malicious
First seen: 2020-11-17 15:29:54 UTC
AV detection: 27 of 29 (93.10%)
Threat level: 5/5

Result
Malware family: n/a
Score: 8/10
Tags: upx
Behaviour
Drops file in Windows directory
Unpacked files
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method: Other
