MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f85eeab2270c659083716ee569472e93d5086ffa6956767927b0d16ce3ea9f55. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Sytro


Vendor detections: 4



SHA256 hash: f85eeab2270c659083716ee569472e93d5086ffa6956767927b0d16ce3ea9f55
SHA3-384 hash: c792ad9813f2518e1377d7449a2a0f5181b3ce0f3edb8ccb9eea8f4503738f701d94051edfd762f535dbca9f47a0a8fc
SHA1 hash: 7b70db992e5fddec603d6e87ad29885e5dd7ed60
MD5 hash: 9d23f1446465cb76a2bbccf69e5f87b3
humanhash: cardinal-vegan-leopard-utah
File name: a1eb5b671f18c25ab8981f24a247f3fd
Signature Sytro
File size: 222'764 bytes
First seen: 2020-11-17 11:59:08 UTC
Last seen: Never
File type: Executable exe
MIME type:application/x-dosexec
imphash ff63dc9c65eb25911a9bc535c8f06ad0 (62 x Sytro)
ssdeep 6144:+su1YDl4Ji96fO3TmfMkf5QNm9jFbX4+A:+rK4JnfO3qfv5X9jFDhA
Threatray 13 similar samples on MalwareBazaar
TLSH 5F24126D9F469DE5D21B4834738DAF3023ADEE9C539E27439CA4AB146178320F9B1D0B
Reporter seifreed

Intelligence


File Origin
# of uploads :
1
# of downloads :
63
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
Malware

Behaviour
Creating a file in the Windows subdirectories
Creating a file in the Windows directory
Threat name:
Win32.Worm.Sytro
Status:
Malicious
First seen:
2020-11-17 12:01:28 UTC
AV detection:
27 of 29 (93.10%)
Threat level:
  5/5
Result
Malware family:
n/a
Score:
  8/10
Tags:
upx
Behaviour
Drops file in Windows directory
Unpacked files
SHA256 hash:
f85eeab2270c659083716ee569472e93d5086ffa6956767927b0d16ce3ea9f55
MD5 hash:
9d23f1446465cb76a2bbccf69e5f87b3
SHA1 hash:
7b70db992e5fddec603d6e87ad29885e5dd7ed60
SHA256 hash:
2a3936d8d78696a135efd9121d498681a3bae948886e215468105e344de8cad3
MD5 hash:
f4d10484c7a6e5a6fcbebe160bf2e7f3
SHA1 hash:
216232b27c7ef0500e51ef9c6107accfa0e9172c
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other
