MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 083726dbe22172de72c146d26ccb92861bc2af11615947ac288279511befac37. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Socks5Systemz


Vendor detections: 12



SHA256 hash: 083726dbe22172de72c146d26ccb92861bc2af11615947ac288279511befac37
SHA3-384 hash: 5d55534cc3fb12f686e40831df67cb593b40b3ed4b76c19d1bb902ecc1627163740c34acf4bac69fa962c0e5ae4ac9e9
SHA1 hash: d8e24caed1bd198c0388bf227c469c6baf35f7d7
MD5 hash: 0719974155b817f010e7626babb7fe1b
humanhash: pasta-mountain-purple-victor
File name: tuc6.exe
Signature Socks5Systemz
File size: 7'515'271 bytes
First seen: 2023-12-12 15:05:45 UTC
Last seen: 2023-12-12 16:37:24 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash 884310b1928934402ea6fec1dbd3cf5e (3'725 x GCleaner, 3'454 x Socks5Systemz, 262 x RaccoonStealer)
ssdeep 196608:hxm56Uu8mvAF2l3qqRHw/djqMJueNbMvn+pXnhH5RCLK5Ehezj:Cul8A3nHwljqMksY/4p5RC25qezj
Threatray 6'294 similar samples on MalwareBazaar
TLSH T1977633E310CD9CB3E4389E7069A3DB346DA17FED3A30567024AD3B991B356F8244AB15
TrID 80.0% (.EXE) Inno Setup installer (107240/4/30)
10.5% (.EXE) Win32 Executable Delphi generic (14182/79/4)
3.3% (.EXE) Win32 Executable (generic) (4505/5/1)
1.5% (.EXE) Win16/32 Executable Delphi generic (2072/23)
1.5% (.EXE) OS/2 Executable (generic) (2029/13)
dhash icon 00f8dcdcdcbebe00 (621 x Socks5Systemz)
Reporter Xev
Tags: exe Socks5Systemz


NIXLovesCooper
Downloaded from http://never.hitsturbo.com/order/tuc6.exe

Intelligence


File Origin
# of uploads: 2
# of downloads: 250
Origin country: GR
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Searching for the window
Creating a file in the %temp% subdirectories
Creating a window
Creating a process from a recently created file
Creating synchronization primitives
Searching for synchronization primitives
Creating a file in the Program Files subdirectories
Moving a file to the Program Files subdirectory
Launching a process
Modifying a system file
Creating a file
Creating a service
Launching the process to interact with network services
Enabling autorun for a service
Gathering data
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: control installer lolbin overlay packed shell32
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Petite Virus, Socks5Systemz
Detection: malicious
Classification: troj.evad
Score: 100 / 100
Signature
Antivirus / Scanner detection for submitted sample
Contains functionality to infect the boot sector
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Multi AV Scanner detection for submitted file
PE file has nameless sections
Snort IDS alert for network traffic
Uses schtasks.exe or at.exe to add and modify task schedules
Yara detected Petite Virus
Yara detected Socks5Systemz
Behaviour
Behavior Graph (ID 1361055; sample: tuc6.exe; start date: 13/12/2023; architecture: WINDOWS; score: 100)
Sample-level signatures: Snort IDS alert for network traffic; Antivirus / Scanner detection for submitted sample; Multi AV Scanner detection for submitted file; 6 other signatures
Process tree:
tuc6.exe (started)
    dropped: C:\Users\user\AppData\Local\Temp\...\tuc6.tmp (PE32)
    tuc6.tmp (started)
        dropped: C:\Program Files (x86)\numGIF\numgif.exe (PE32)
        dropped: C:\Program Files (x86)\...\is-N1BBL.tmp (PE32)
        dropped: C:\Program Files (x86)\...\is-BUFTI.tmp (PE32)
        dropped: 56 other files (none is malicious)
        signature: Uses schtasks.exe or at.exe to add and modify task schedules
        numgif.exe (started)
            network: beggckx.com 185.196.8.22, ports 49734, 49735, 49736 (SIMPLECARRER2IT, Switzerland)
        net.exe (started)
            conhost.exe (started)
            net1.exe (started)
        numgif.exe (started, second instance)
            dropped: C:\ProgramData\M76Bitrate\M76Bitrate.exe (PE32)
        schtasks.exe (started)
            conhost.exe (started)
Threat name: Win32.Trojan.Generic
Status: Malicious
First seen: 2023-12-12 15:06:07 UTC
File Type: PE (Exe)
Extracted files: 5
AV detection: 10 of 23 (43.48%)
Threat level: 2/5
Result
Malware family: n/a
Score: 7/10
Tags: discovery
Behaviour
Runs net.exe
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Drops file in Program Files directory
Checks installed software on the system
Executes dropped EXE
Loads dropped DLL
Unexpected DNS network traffic destination
Unpacked files
SHA256 hash: bfe1ab607dfba71517a995a31be6628c8673dc723660804fd30f374d3989359c
MD5 hash: e82f019ab3c2e83c05abd197c7912003
SHA1 hash: a705c9f56bc7d7d0c6591d23337d89fdbabce756
SHA256 hash: ecfcf4e00f3224a5c9be7ecb1b62c5cad8a8802f87dcc7c31be4caa875d57062
MD5 hash: 4b40358855255c8e6e5098090956e516
SHA1 hash: 42e2aa2c2f0f6e7a0c745d4c47adf0ed31436d95
Detections: INDICATOR_EXE_Packed_VMProtect
Parent samples:
...
SHA256 hash:
fa45427375cdccfd2783b0c237010bc1f147eea19bc6f65715b8afbd51072bac
MD5 hash: 05658d230de2fc693b9856c414928ed2
SHA1 hash: 8469bd5fd3e17f8403e0794dfc6f425e0f369f2e
SHA256 hash: 1d47999ac2f3d06b164cd33c06798d3cecfc8091ea99d24648cf2fc0f052b821
MD5 hash: 036b8dc3d86f2f65ee5c0b2b71c2fc83
SHA1 hash: 79a335c7347c97cd9966805537ca011f675a4c45
SHA256 hash: 1427e5443893b2063fa5827e55082cb9c0ff07dacd4bc653c8f37e7ac373d68f
MD5 hash: 4952b5f17b6d4d6e8f95f2615472b1aa
SHA1 hash: 1101403843eb65635512f409f98b5e71c682b26b
SHA256 hash: 083726dbe22172de72c146d26ccb92861bc2af11615947ac288279511befac37
MD5 hash: 0719974155b817f010e7626babb7fe1b
SHA1 hash: d8e24caed1bd198c0388bf227c469c6baf35f7d7
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: INDICATOR_EXE_Packed_VMProtect
Author: ditekSHen
Description: Detects executables packed with VMProtect.
Rule name: MD5_Constants
Author: phoul (@phoul)
Description: Look for MD5 constants
Rule name: shellcode
Author: nex
Description: Matched shellcode byte patterns
