MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 19aaa18d707ab1a3cb98c4a257c1cd8e8e2594b697aaffc2687539583810a653. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Socks5Systemz


Vendor detections: 12


Intelligence 12 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 19aaa18d707ab1a3cb98c4a257c1cd8e8e2594b697aaffc2687539583810a653
SHA3-384 hash: 9136488a231e990dba21d147b0b12a79105f4ec70fc44505d3aa8d98931cc7b9f4a96fc8e930f5c14dbfbf0433dc94f6
SHA1 hash: 4c5f8ebdad449c7261a30cbc8b145b6dd155fb16
MD5 hash: 9768e9f10ec3a4e9886134dd8fbcf77b
humanhash: may-timing-michigan-october
File name:SecuriteInfo.com.Trojan-Dropper.Win32.Agent.1556.20009
Download: download sample
Signature Socks5Systemz
Create hunting rule
File size:7'335'412 bytes
First seen:2023-12-16 10:16:59 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 884310b1928934402ea6fec1dbd3cf5e (3'725 x GCleaner, 3'565 x Socks5Systemz, 262 x RaccoonStealer)
ssdeep 196608:oAb4Ov/Hirx7Tc8WfIpevtyEDj88cnEhIkmZszj:ohcirx7g4pq88aZszj
Threatray 6'963 similar samples on MalwareBazaar
TLSH T1FE7633E1A220D4F2F81367B1582092500E353AC452F444CCB5FEAB9FDE7A48F9E56B57
TrID 76.2% (.EXE) Inno Setup installer (107240/4/30)
10.0% (.EXE) Win32 Executable Delphi generic (14182/79/4)
4.6% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
3.2% (.EXE) Win32 Executable (generic) (4505/5/1)
1.4% (.EXE) Win16/32 Executable Delphi generic (2072/23)
File icon (PE):PE icon
dhash icon b298acbab2ca7a72 (2'327 x GCleaner, 1'631 x Socks5Systemz, 67 x RedLineStealer)
Reporter SecuriteInfoCom
Tags:exe Socks5Systemz

Intelligence

File Origin
# of uploads :
1
# of downloads :
270
Origin country :
FR FR
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/467980/
Detection(s):
SecuriteInfo.com.Trojan-Dropper.Win32.Agent.1556.20009.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file in the %temp% subdirectories
Creating a window
Creating a process from a recently created file
Сreating synchronization primitives
Searching for the window
Searching for synchronization primitives
Creating a file in the Program Files subdirectories
Moving a file to the Program Files subdirectory
Modifying a system file
Creating a file
Creating a service
Enabling autorun for a service
Gathering data
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
control installer lolbin overlay packed shell32
Link:
https://www.filescan.io/uploads/657d791eb290743934e65530/reports/e0900ce4-ea5a-412c-97b2-98f9bb594b79/overview
Verdict:
Suspicious
Labled as:
HEUR/AGEN.1332570
Link:
https://www.hybrid-analysis.com/sample/19aaa18d707ab1a3cb98c4a257c1cd8e8e2594b697aaffc2687539583810a653
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/e8acc594-7300-416c-9ae2-987b49d349bd
Result
Threat name:
Petite Virus, Socks5Systemz
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1363330
Signature
Antivirus / Scanner detection for submitted sample
Contains functionality to infect the boot sector
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Machine Learning detection for dropped file
PE file has nameless sections
Snort IDS alert for network traffic
Yara detected Petite Virus
Yara detected Socks5Systemz
Behaviour
Behavior Graph:
Download SVG
Score:
75%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/19aaa18d707ab1a3cb98c4a257c1cd8e8e2594b697aaffc2687539583810a653
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/19aaa18d707ab1a3cb98c4a257c1cd8e8e2594b697aaffc2687539583810a653/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Malicious
First seen:
2023-12-16 10:17:06 UTC
File Type:
PE (Exe)
Extracted files:
5
AV detection:
10 of 23 (43.48%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=dgvkddlqpky2hs4yysrfpqonr2hclffws6vp7qtiou4vqoaquzjq._file
Verdict:
malicious
Similar samples:
0346b3f5bcb18dc9d6406ada3edf3f31acd99abbe72e214ac84c8b8b47bfc97d
Socks5Systemz
53b6054838a9e7503580604b8c222d9b3bb80068ce98107864df9bd33f9df43c
Socks5Systemz
6a1edaddbee0de4f66de7a99c007baa8ba9ad297d3a7e0d750b8f27fe6154486
Socks5Systemz
7bb6037c523bd02645d27f2c0c1064208d46589bdce89a7e6539687aa70c5117
Socks5Systemz
92f99236d73d01014771b60c8ee4f23c8ae999c8a576ab1b9a0f4e894841722b
Socks5Systemz
aace929793e89d54fc77801417b9ebd301f51ab027f2b10475279b01aa48368c
Socks5Systemz
dc65301b2065d587ca771f25bcaa129bc40dfef2294a54d5766075befe960079
Socks5Systemz
e7c4b80592d5fdaa4598290ad94595aa1729ee3f21afd24b52d9eaf2a215d25e
Socks5Systemz
fef27f6e75c7b46bd160664e0c4d23454c41619b371c199d5c9341eac5eb020f
Socks5Systemz
+ 6'953 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
discovery
Link:
https://tria.ge/reports/231216-mbcs1sceg4/
Behaviour
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Drops file in Program Files directory
Checks installed software on the system
Executes dropped EXE
Loads dropped DLL
Unexpected DNS network traffic destination
Unpacked files
SH256 hash:
860ce6b152a3e12ca0336d114c24a7c266aa0b16e033a1388a69d11c21777fb9
MD5 hash:
0edd953d13c6dabd5abcf327e5f28a56
SHA1 hash:
aa419577cbaf4a85102fcbc72ddaa3396a3398b5
Detections:
INDICATOR_EXE_Packed_VMProtect
Create hunting rule
Link:
https://www.unpac.me/results/2d8aaccf-d32f-4fb4-acc2-bfaf58c21316/
Parent samples :
e7c4b80592d5fdaa4598290ad94595aa1729ee3f21afd24b52d9eaf2a215d25e
aace929793e89d54fc77801417b9ebd301f51ab027f2b10475279b01aa48368c
19aaa18d707ab1a3cb98c4a257c1cd8e8e2594b697aaffc2687539583810a653
82ffaa01c0b5847399e6e210f100d2559eeff6651fe0a70735c1ed3f0ecc1182
6de07b921c1697555b4ca043c5a1b8bd75356c92e23d6a472b30b46966476863
99f303475707b9d778b855f038c8b8c42104c753bd5fa26c168b25a7e552a0f9
22a14d248853472bf27c94cc3b506b524673f5c52823b7e6bd470e067c34a3e9
095d7b0323e51f4021e79bcce8d6baeb38174389157fa8d4bc2aac62d4062011
5c152b98e5ac68338e444fe2dc0edf6bf17d5d457798815e400950d8cba68452
SH256 hash:
bfe1ab607dfba71517a995a31be6628c8673dc723660804fd30f374d3989359c
MD5 hash:
e82f019ab3c2e83c05abd197c7912003
SHA1 hash:
a705c9f56bc7d7d0c6591d23337d89fdbabce756
Link:
https://www.unpac.me/results/2d8aaccf-d32f-4fb4-acc2-bfaf58c21316/
SH256 hash:
5c41a451071aa7a8a09848acc600f79395063c184d75c793e99be64d0198c37a
MD5 hash:
e444e09bba95a78cfe1fd9d0736bb47f
SHA1 hash:
bf93f9ac7a6dbe2adf51d28b8fa89229a8efdae7
Link:
https://www.unpac.me/results/2d8aaccf-d32f-4fb4-acc2-bfaf58c21316/
SH256 hash:
77c9c65113999e8111d36dce49651dec97b24deea62af51fd0289853494242eb
MD5 hash:
23d8a37431bb3cce837bce4d4d5a792e
SHA1 hash:
9bb53a335bf21c35b9ec4f770af19e70df026296
Link:
https://www.unpac.me/results/2d8aaccf-d32f-4fb4-acc2-bfaf58c21316/
SH256 hash:
50a5b5794265e58ffe045f32f9941d3c494e5895746f4c16e4ee258a1c1636b1
MD5 hash:
ca54d42870def4a20c0caa914be8fadd
SHA1 hash:
3fb28856ddc1115e91b7bed86902c57327d73a15
Link:
https://www.unpac.me/results/2d8aaccf-d32f-4fb4-acc2-bfaf58c21316/
SH256 hash:
19aaa18d707ab1a3cb98c4a257c1cd8e8e2594b697aaffc2687539583810a653
MD5 hash:
9768e9f10ec3a4e9886134dd8fbcf77b
SHA1 hash:
4c5f8ebdad449c7261a30cbc8b145b6dd155fb16
Link:
https://www.unpac.me/results/2d8aaccf-d32f-4fb4-acc2-bfaf58c21316/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/19aaa18d707ab1a3cb98c4a257c1cd8e8e2594b697aaffc2687539583810a653

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/467980/

Comments