MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 257d04da95c47475dd926281584b2ef4bc56f8fb3331287bc6cfea3f1b1341ad. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Socks5Systemz


Vendor detections: 12


Intelligence 12 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 257d04da95c47475dd926281584b2ef4bc56f8fb3331287bc6cfea3f1b1341ad
SHA3-384 hash: 92b599481c81bbc57eee5ce53f24aa061c2caf4b5254ee0142fac1bfeb0d650c0a4a74d9f2facf604e184b5391d8d761
SHA1 hash: 863f16b4a79ba0da210ca78ddd5e1963dc58d01d
MD5 hash: a0ceae1c2cbad1d8f1e22c2f02473c7d
humanhash: summer-ink-red-east
File name:SecuriteInfo.com.Trojan.Siggen22.37888.21605.7952
Download: download sample
Signature Socks5Systemz
Create hunting rule
File size:7'440'893 bytes
First seen:2023-12-16 06:16:14 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 884310b1928934402ea6fec1dbd3cf5e (3'725 x GCleaner, 3'507 x Socks5Systemz, 262 x RaccoonStealer)
ssdeep 196608:q2gEIwIyDXaJakqYo+40WIK6ULr0kaAxALe/zj:aEbhuJaGg0M6wrMAyLezj
Threatray 6'976 similar samples on MalwareBazaar
TLSH T1437633D2DE748868F13B5F701A30F8B59A4EBC2D636B4746378E57094F0D92E898E319
TrID 76.2% (.EXE) Inno Setup installer (107240/4/30)
10.0% (.EXE) Win32 Executable Delphi generic (14182/79/4)
4.6% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
3.2% (.EXE) Win32 Executable (generic) (4505/5/1)
1.4% (.EXE) Win16/32 Executable Delphi generic (2072/23)
File icon (PE):PE icon
dhash icon fc66d8c8ead8b0b4 (212 x Socks5Systemz)
Reporter SecuriteInfoCom
Tags:exe Socks5Systemz

Intelligence

File Origin
# of uploads :
1
# of downloads :
257
Origin country :
FR FR
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/467925/
Detection(s):
SecuriteInfo.com.Trojan.Siggen22.37888.21605.7952.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Creating a file in the %temp% subdirectories
Creating a window
Creating a process from a recently created file
Сreating synchronization primitives
Searching for synchronization primitives
Creating a file in the Program Files subdirectories
Moving a file to the Program Files subdirectory
Launching a process
Modifying a system file
Creating a file
Creating a service
Sending a custom TCP request
Launching the process to interact with network services
Enabling autorun for a service
Gathering data
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
control installer lolbin masquerade overlay packed shell32
Link:
https://www.filescan.io/uploads/657d40e1ffafd83ebc9150bf/reports/e0ab942e-e92f-4c88-85c7-f4855ebf9647/overview
Verdict:
Malicious
Labled as:
Win/malicious_confidence_60%
Link:
https://www.hybrid-analysis.com/sample/257d04da95c47475dd926281584b2ef4bc56f8fb3331287bc6cfea3f1b1341ad
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/188f9f97-66a6-4480-9174-15001b1775bb
Result
Threat name:
Petite Virus, Socks5Systemz
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1363276
Signature
Antivirus / Scanner detection for submitted sample
Contains functionality to infect the boot sector
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found API chain indicative of debugger detection
Machine Learning detection for dropped file
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
PE file has nameless sections
Snort IDS alert for network traffic
Uses schtasks.exe or at.exe to add and modify task schedules
Yara detected Petite Virus
Yara detected Socks5Systemz
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1363276 Sample: SecuriteInfo.com.Trojan.Sig... Startdate: 16/12/2023 Architecture: WINDOWS Score: 100 45 Snort IDS alert for network traffic 2->45 47 Antivirus / Scanner detection for submitted sample 2->47 49 Multi AV Scanner detection for dropped file 2->49 51 9 other signatures 2->51 8 SecuriteInfo.com.Trojan.Siggen22.37888.21605.7952.exe 2 2->8         started        process3 file4 33 SecuriteInfo.com.T...7888.21605.7952.tmp, PE32 8->33 dropped 11 SecuriteInfo.com.Trojan.Siggen22.37888.21605.7952.tmp 17 76 8->11         started        process5 file6 35 C:\Users\user\AppData\Local\...\_setup64.tmp, PE32+ 11->35 dropped 37 C:\Users\user\AppData\Local\...\_isdecmp.dll, PE32 11->37 dropped 39 C:\Users\user\AppData\Local\...\_iscrypt.dll, PE32 11->39 dropped 41 106 other files (83 malicious) 11->41 dropped 53 Uses schtasks.exe or at.exe to add and modify task schedules 11->53 15 APhoneLIB.exe 1 15 11->15         started        18 APhoneLIB.exe 1 2 11->18         started        21 net.exe 1 11->21         started        23 schtasks.exe 1 11->23         started        signatures7 process8 dnsIp9 43 bhunitb.com 185.196.8.22, 49734, 49735, 49737 SIMPLECARRER2IT Switzerland 15->43 31 C:\ProgramData\M74Bitrate\M74Bitrate.exe, PE32 18->31 dropped 25 conhost.exe 21->25         started        27 net1.exe 1 21->27         started        29 conhost.exe 23->29         started        file10 process11
Score:
84%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/257d04da95c47475dd926281584b2ef4bc56f8fb3331287bc6cfea3f1b1341ad
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/257d04da95c47475dd926281584b2ef4bc56f8fb3331287bc6cfea3f1b1341ad/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Malicious
First seen:
2023-12-16 06:17:08 UTC
File Type:
PE (Exe)
Extracted files:
5
AV detection:
10 of 23 (43.48%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ev6qjwuvyr2hlxmsmkavqszo6s6fn6h3gmysq66gz7vd6gytigwq._file
Verdict:
malicious
Similar samples:
05fa357e6559b3b80dd3659baf45d42fbace5782ce6cdc58538eb766571f7567
Socks5Systemz
09f58d1d441dadc8b93982f62b66657487ea60aef468609326a15fd0d9b33c45
Socks5Systemz
2eacc6c81c9f25c845c68d34813909cc7de26fe3d1292976cac7a44e7586245f
Socks5Systemz
3998b0a633a86769bce8407061fd3befe448f9f3e4f5cfa19188146debb23fac
Socks5Systemz
67a19b16519f6c0818546f706781c0f586c79df5171fa5df97ea1b212829b43b
Socks5Systemz
6b9d48d1666f6677ec5d0d7c692e3a2a4f5b91b0da456902c9eed4aa2ce6a002
Socks5Systemz
7f6dfa460b311fddb312707b38c5e99324a033bb6c71a0b1383e5b3dbda6d7a6
Socks5Systemz
d19fd1f315f4550faceb971526682922c73287e1b7e5bd2e76334390290dc02a
Socks5Systemz
d8cd770ca38c3cdfbcc9d0807c1fedd00f08cec54e6b6f40e90d0b94a7fc28be
Socks5Systemz
fe310dd89c4db6f130d0f4c72a3da2ef3299195302deea3fa6b71ad10517d1aa
Socks5Systemz
+ 6'966 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
discovery
Link:
https://tria.ge/reports/231216-g12ksacbd2/
Behaviour
Runs net.exe
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Drops file in Program Files directory
Checks installed software on the system
Executes dropped EXE
Loads dropped DLL
Unexpected DNS network traffic destination
Unpacked files
SH256 hash:
f81487719ee9e78ff54537b915e1c150af1a3468676821763636643b555b0cdb
MD5 hash:
851f11c47b21a6f18ec43b291577553e
SHA1 hash:
d8330e631a7451f331247fb4a6b81d528c737a74
Link:
https://www.unpac.me/results/1a2d4677-7db7-4551-b996-b156886dd025/
SH256 hash:
19851b5bef9efb7c499eee5abfc671723bce2bc56152e7c9326739c580798cf4
MD5 hash:
9cd6024cde7c4d65b804d6989b5a126b
SHA1 hash:
63f775171c70609942ce999c54b7f040da377818
Detections:
INDICATOR_EXE_Packed_VMProtect
Create hunting rule
Link:
https://www.unpac.me/results/1a2d4677-7db7-4551-b996-b156886dd025/
Parent samples :
09f58d1d441dadc8b93982f62b66657487ea60aef468609326a15fd0d9b33c45
64f5599d2ca565072b3943f655c7a23654557c8ccbc5fe186ec6ff3d13e7338d
43dd3a661a9f602eb9ef7e3fa17b42595e0a553c527b79a6da11b48190966926
3998b0a633a86769bce8407061fd3befe448f9f3e4f5cfa19188146debb23fac
b11c8b9cdd96fd30e5de3a69ccde8edafe13438c0fceda7e392b5cdde5ba7daa
13054411201b9158073642396f92d1cc9ec35e6a7895aef500a46454d6768e1f
2eacc6c81c9f25c845c68d34813909cc7de26fe3d1292976cac7a44e7586245f
04cbe05091761151102b9cffcaf6a1c91e4b4431f521e03dc1c2304a820e04db
57b0e80cb3cfb0214034959e53f1c7ab6c9312394573024276c95811cdaeb278
7c5dce3c966132533dbc71ac949be7e5750733d52a62d008cdcde90d4a8f6dec
acec330775d1b7479de1f6a6f2fad308bf213ee146461b906ab78827f3a372ef
d19fd1f315f4550faceb971526682922c73287e1b7e5bd2e76334390290dc02a
9f946835520f2eb712787c74581a25851375395b5cf6809335fd990d224743e0
87d8fbdd2a9a937527613e5f62ce5eff9a926a1104127ecc2ac3806a7fe93b19
836bfd331f9becf071f69796ec1ccf01eadf2874f2459783b209d31c8628bccd
5625cf870b0150d5978ac206682189f0c1f51965d4aa5e0eebc68972c07754ab
05fa357e6559b3b80dd3659baf45d42fbace5782ce6cdc58538eb766571f7567
c3e5232d718d67fc44801898ab3b4040f06987f503be28e2e1255072a978b375
dd1d75a550c07fce20c852d0298ea131fd45f6bf6835c785588a8ef10a45f6e5
fe310dd89c4db6f130d0f4c72a3da2ef3299195302deea3fa6b71ad10517d1aa
ab1f2af009b409fe6d0e3b502c914ac35632df649f0ffbf21c18b280b060743e
1fa7b6e65f92a710e3871222472b79ae41042a3298a44345b62ecacf1ff8f458
67a19b16519f6c0818546f706781c0f586c79df5171fa5df97ea1b212829b43b
1f26d5fbb26b6276727d3fffb91bac7eff283634ef889125234cf1929cbd9c71
326546470a0b59e2715ac56154717195307ed202129b01d1cf3c018f2f7945bc
ac59e65ec92931e511ebab7791b27a7e931a1779eeccc3375c17437c03b9453a
d8cd770ca38c3cdfbcc9d0807c1fedd00f08cec54e6b6f40e90d0b94a7fc28be
b9d93592dbf88f14761154701a50c763c64206d3f79449b3976a2db7c6362ec8
9083f18e2c75537abb36189fc056199b808adf58ebefbd6f91cb5f58b44ceb7d
7f6dfa460b311fddb312707b38c5e99324a033bb6c71a0b1383e5b3dbda6d7a6
0bf4d2ac1712d13b5c0f63072b6f5d4e624417b7f121a27c56397853d46eb007
d3f133acb1eda46d7aba9cc0036b8a3b96398688a1d56c5308b129ad297c6cf9
91e79de46ed98d5f26afe533b2ea43d019a88d98c701b2e9c82d2b19455e7a52
257d04da95c47475dd926281584b2ef4bc56f8fb3331287bc6cfea3f1b1341ad
f6538739b978572621cea81af29f7d5787d3c8e174646e18455c28b37a001e5d
811757b5704cea023793ba821ccd33a9ba82a6512706b54b65185c52015d6970
23346468a7edb68bdb3ffca1d836c3e3d93c1149cff3134bbfceb3c24ef85f4c
3256cc6027be123e5c1c1e0e87c80f85f78c7d188482758d0efcf01ac6825638
SH256 hash:
f6ab45b7a9da5231c753e03a103c54c0f6dc2759e11cfea35a1d93c585bf56e9
MD5 hash:
a86d77b6de7c39281038a7f6a0c0d126
SHA1 hash:
bb0d9c243ff0fb31e6cd62663fd85fe21e0bf43e
Link:
https://www.unpac.me/results/1a2d4677-7db7-4551-b996-b156886dd025/
SH256 hash:
c724c767c98742b9fa1cecb249b3adfb154e8cd3a8c24a8dcc09d5fab131dba4
MD5 hash:
bb104b85dbce15cb7548266d4e877505
SHA1 hash:
25e6d3dd307518d1c1e51f7be994230c8a22bb09
Link:
https://www.unpac.me/results/1a2d4677-7db7-4551-b996-b156886dd025/
SH256 hash:
257d04da95c47475dd926281584b2ef4bc56f8fb3331287bc6cfea3f1b1341ad
MD5 hash:
a0ceae1c2cbad1d8f1e22c2f02473c7d
SHA1 hash:
863f16b4a79ba0da210ca78ddd5e1963dc58d01d
Link:
https://www.unpac.me/results/1a2d4677-7db7-4551-b996-b156886dd025/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/257d04da95c47475dd926281584b2ef4bc56f8fb3331287bc6cfea3f1b1341ad

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/467925/

Comments