MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 23bda1d8e92c34b73d2fd7cba0045363123b1ca703644e1272496020f48f0768. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Socks5Systemz


Vendor detections: 11


Intelligence 11 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 23bda1d8e92c34b73d2fd7cba0045363123b1ca703644e1272496020f48f0768
SHA3-384 hash: 857909496d6919a90d5063f207479b8c82d3460b0575e63bd3ba8c1da1f0d0b41467be8d2320a5812fff2e3124e1a4f7
SHA1 hash: a4b2733c038e0e98adf4a92a5716ef5b2fc5ab7c
MD5 hash: 6ef865b62937faf097db72cf19f11222
humanhash: october-nevada-oven-kansas
File name:6ef865b62937faf097db72cf19f11222
Download: download sample
Signature Socks5Systemz
Create hunting rule
File size:7'447'052 bytes
First seen:2023-12-15 15:54:37 UTC
Last seen:2023-12-15 17:21:12 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 884310b1928934402ea6fec1dbd3cf5e (3'725 x GCleaner, 3'459 x Socks5Systemz, 262 x RaccoonStealer)
ssdeep 196608:cJcIMVr6m+qQPAq9CezsurXLQ9LEQ9hSHwrjpJdPYOuCnYxbhtzj:3n/UPhKughQwfLdiWYhtzj
Threatray 4'320 similar samples on MalwareBazaar
TLSH T15F763320B692C077D2212F74260DDAABEB42FC987574786D3ADDED5ECB0189D001DF6A
TrID 76.2% (.EXE) Inno Setup installer (107240/4/30)
10.0% (.EXE) Win32 Executable Delphi generic (14182/79/4)
4.6% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
3.2% (.EXE) Win32 Executable (generic) (4505/5/1)
1.4% (.EXE) Win16/32 Executable Delphi generic (2072/23)
File icon (PE):PE icon
dhash icon 6060d8c8ead8b0b4 (29 x Socks5Systemz)
Reporter zbetcheckin
Tags:32 exe Socks5Systemz

Intelligence

File Origin
# of uploads :
2
# of downloads :
276
Origin country :
FR FR
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/467575/
Detection(s):
SecuriteInfo.com.Win32.Evo-gen.27359.21974.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Modifying a system file
Creating a file
Creating a service
Sending a custom TCP request
Creating a file in the %temp% subdirectories
Creating a window
Creating a process from a recently created file
Сreating synchronization primitives
Searching for the window
Searching for synchronization primitives
Creating a file in the Program Files subdirectories
Moving a file to the Program Files subdirectory
Enabling autorun for a service
Gathering data
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
control installer lolbin overlay packed shell32
Link:
https://www.filescan.io/uploads/657c76d910642636b3899090/reports/afe53fe9-a877-4197-81b0-637c253809eb/overview
Verdict:
Malicious
Labled as:
Win/malicious_confidence_60%
Link:
https://www.hybrid-analysis.com/sample/23bda1d8e92c34b73d2fd7cba0045363123b1ca703644e1272496020f48f0768
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/66f1bc06-ad56-4608-8380-087a8740174c
Result
Threat name:
Petite Virus, Socks5Systemz
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1362753
Signature
Antivirus / Scanner detection for submitted sample
Contains functionality to infect the boot sector
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Machine Learning detection for dropped file
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
PE file has nameless sections
Snort IDS alert for network traffic
Yara detected Petite Virus
Yara detected Socks5Systemz
Behaviour
Behavior Graph:
Download SVG
Score:
93%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/23bda1d8e92c34b73d2fd7cba0045363123b1ca703644e1272496020f48f0768
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/23bda1d8e92c34b73d2fd7cba0045363123b1ca703644e1272496020f48f0768/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Malicious
First seen:
2023-12-15 15:55:08 UTC
File Type:
PE (Exe)
Extracted files:
5
AV detection:
7 of 37 (18.92%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=eo62dwhjfq2lopjp27f2abctmmjdwhfhanse4etsjfqcb5epa5ua._file
Verdict:
suspicious
Similar samples:
0a86a03eb33ca09a55c10959585ba22b57d7b6c5d773f3fb3aa7185a621a6931
Socks5Systemz
2ca3143628b515dc17d272e6986ae740b49e731b2a886e38fbfe9a159740b420
Socks5Systemz
6c997357d37e49570db5aeb5c982fd437743c7119908935cc96f60be6c92535a
Socks5Systemz
6e0ccbd59707ff8aa7b292f0978498980b3ee813cb124bf09263b5ba68bbd0c7
Socks5Systemz
7bb6037c523bd02645d27f2c0c1064208d46589bdce89a7e6539687aa70c5117
Socks5Systemz
c2e55f0a100ae9d0de039823ce47857095951cc1686aa32a82b07490d39f20fd
Socks5Systemz
dc65301b2065d587ca771f25bcaa129bc40dfef2294a54d5766075befe960079
Socks5Systemz
e230ccbb4cb095229c887d716f60d6827e262e0aa014ffc841d7739085011b19
Socks5Systemz
e4109841b90effae706bf8a179d14fb4235092a5700fb88caa92ca73bbd10837
Socks5Systemz
+ 4'310 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
discovery
Link:
https://tria.ge/reports/231215-tcsdesfhb9/
Behaviour
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Drops file in Program Files directory
Checks installed software on the system
Executes dropped EXE
Loads dropped DLL
Unexpected DNS network traffic destination
Unpacked files
SH256 hash:
bfe1ab607dfba71517a995a31be6628c8673dc723660804fd30f374d3989359c
MD5 hash:
e82f019ab3c2e83c05abd197c7912003
SHA1 hash:
a705c9f56bc7d7d0c6591d23337d89fdbabce756
Link:
https://www.unpac.me/results/d2327b3a-1d8b-4b41-a1e6-8e709a10557a/
SH256 hash:
d9460bbfb0c1ec873189af816aa1faaa9c5461da03b5bf9293ae3bf5ae552fb6
MD5 hash:
148888a24b7194b1ae7409145d3cd7eb
SHA1 hash:
69b584ca848479c2cbca7b0e8c8a126492d4c3b1
Detections:
INDICATOR_EXE_Packed_VMProtect
Create hunting rule
Link:
https://www.unpac.me/results/d2327b3a-1d8b-4b41-a1e6-8e709a10557a/
Parent samples :
dc65301b2065d587ca771f25bcaa129bc40dfef2294a54d5766075befe960079
23bda1d8e92c34b73d2fd7cba0045363123b1ca703644e1272496020f48f0768
7bb6037c523bd02645d27f2c0c1064208d46589bdce89a7e6539687aa70c5117
41c26911be2b0a6de90a3b718748347aad4584d1f1d98b01c3caa1bb8e337d5c
SH256 hash:
3c5a5dfe48fd52d00a41a58cf6c5a564cd94f9cef858b9b9aa15681767cc2d4c
MD5 hash:
819926ad1b4d8bcdde32b4f9e0402a45
SHA1 hash:
dca7b2041522c1e9673d9cdc7567fe11b1639953
Link:
https://www.unpac.me/results/d2327b3a-1d8b-4b41-a1e6-8e709a10557a/
SH256 hash:
d4c3c18ba0726996c729cad53724cf3518e62601247c36fdc7ecfde577c62961
MD5 hash:
2046645ebc5381853a770f0e0dfa5381
SHA1 hash:
a9f44f6fdd8def65fe6deba1e27674af81e426b0
Link:
https://www.unpac.me/results/d2327b3a-1d8b-4b41-a1e6-8e709a10557a/
SH256 hash:
23bda1d8e92c34b73d2fd7cba0045363123b1ca703644e1272496020f48f0768
MD5 hash:
6ef865b62937faf097db72cf19f11222
SHA1 hash:
a4b2733c038e0e98adf4a92a5716ef5b2fc5ab7c
Link:
https://www.unpac.me/results/d2327b3a-1d8b-4b41-a1e6-8e709a10557a/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/23bda1d8e92c34b73d2fd7cba0045363123b1ca703644e1272496020f48f0768

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Socks5Systemz

Executable exe 23bda1d8e92c34b73d2fd7cba0045363123b1ca703644e1272496020f48f0768

(this sample)

  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/467575/

Comments


Avatar
zbet commented on 2023-12-15 15:54:38 UTC

url : hxxps://cream.hitsturbo.com/order/tuc6.exe