MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2713fa8310ce0b09b1adab2f69986e5935a989122f734f8f1ffe588668036637. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Socks5Systemz


Vendor detections: 11


Intelligence 11 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2713fa8310ce0b09b1adab2f69986e5935a989122f734f8f1ffe588668036637
SHA3-384 hash: 30c6e91c530013f0ac243053d0edff4cba7ee0954c3ea36ec501317d13bfa1ca608eccdcae5ea011ca5fa856cd618ea7
SHA1 hash: afbf17ab12f7016e669ce6f7ddd895a8a0490f68
MD5 hash: 1d440ce22178df52fd4db154a726a67d
humanhash: monkey-hot-nine-angel
File name:SecuriteInfo.com.Trojan.Siggen22.39555.29002.19042
Download: download sample
Signature Socks5Systemz
Create hunting rule
File size:6'865'202 bytes
First seen:2023-12-17 04:14:13 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 884310b1928934402ea6fec1dbd3cf5e (3'725 x GCleaner, 3'510 x Socks5Systemz, 262 x RaccoonStealer)
ssdeep 196608:hbWfMl/qUnk/clWxxbHbK3174Q49GSHmYmF:985UMTHb23xCFHmYM
Threatray 6'701 similar samples on MalwareBazaar
TLSH T13F663304779283FCF460983A989B96468F6A70D62D3E0580F194DEDD37B722C926F727
TrID 76.2% (.EXE) Inno Setup installer (107240/4/30)
10.0% (.EXE) Win32 Executable Delphi generic (14182/79/4)
4.6% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
3.2% (.EXE) Win32 Executable (generic) (4505/5/1)
1.4% (.EXE) Win16/32 Executable Delphi generic (2072/23)
File icon (PE):PE icon
dhash icon b298acbab2ca7a72 (2'327 x GCleaner, 1'631 x Socks5Systemz, 67 x RedLineStealer)
Reporter SecuriteInfoCom
Tags:exe Socks5Systemz

Intelligence

File Origin
# of uploads :
1
# of downloads :
277
Origin country :
FR FR
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/468127/
Detection(s):
SecuriteInfo.com.Trojan.Siggen22.39555.29002.19042.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file in the %temp% subdirectories
Creating a window
Creating a process from a recently created file
Сreating synchronization primitives
Searching for the window
Searching for synchronization primitives
Creating a file in the Program Files subdirectories
Moving a file to the Program Files subdirectory
Launching the process to interact with network services
Modifying a system file
Creating a file
Creating a service
Launching a process
Enabling autorun for a service
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
anti-vm control installer lolbin overlay packed shell32
Link:
https://www.filescan.io/uploads/657e75cba6bc59352f2aa336/reports/4249d533-685f-499e-addb-01d030d58f0b/overview
Verdict:
Malicious
Labled as:
Win/grayware_confidence_60%
Link:
https://www.hybrid-analysis.com/sample/2713fa8310ce0b09b1adab2f69986e5935a989122f734f8f1ffe588668036637
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/68df525a-5260-4680-8193-b6b19ef0d43d
Result
Threat name:
Petite Virus, Socks5Systemz
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1363590
Signature
Antivirus / Scanner detection for submitted sample
Changes security center settings (notifications, updates, antivirus, firewall)
Contains functionality to infect the boot sector
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found API chain indicative of debugger detection
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
PE file has nameless sections
Query firmware table information (likely to detect VMs)
Snort IDS alert for network traffic
Yara detected Petite Virus
Yara detected Socks5Systemz
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1363590 Sample: SecuriteInfo.com.Trojan.Sig... Startdate: 17/12/2023 Architecture: WINDOWS Score: 100 51 Snort IDS alert for network traffic 2->51 53 Antivirus / Scanner detection for submitted sample 2->53 55 Multi AV Scanner detection for dropped file 2->55 57 8 other signatures 2->57 8 SecuriteInfo.com.Trojan.Siggen22.39555.29002.19042.exe 2 2->8         started        11 svchost.exe 2->11         started        14 svchost.exe 1 2->14         started        16 4 other processes 2->16 process3 file4 45 SecuriteInfo.com.T...555.29002.19042.tmp, PE32 8->45 dropped 18 SecuriteInfo.com.Trojan.Siggen22.39555.29002.19042.tmp 17 71 8->18         started        59 Changes security center settings (notifications, updates, antivirus, firewall) 11->59 21 MpCmdRun.exe 1 11->21         started        61 Query firmware table information (likely to detect VMs) 14->61 signatures5 process6 file7 37 C:\Users\user\AppData\Local\...\_setup64.tmp, PE32+ 18->37 dropped 39 C:\Users\user\AppData\Local\...\_isdecmp.dll, PE32 18->39 dropped 41 C:\Users\user\AppData\Local\...\_iscrypt.dll, PE32 18->41 dropped 43 99 other files (6 malicious) 18->43 dropped 23 ephonerio.exe 1 15 18->23         started        26 ephonerio.exe 1 2 18->26         started        29 net.exe 1 18->29         started        31 conhost.exe 21->31         started        process8 dnsIp9 49 bggfxbu.com 185.196.8.22, 49708, 49709, 49710 SIMPLECARRER2IT Switzerland 23->49 47 C:\ProgramData\M74Bitrate\M74Bitrate.exe, PE32 26->47 dropped 33 conhost.exe 29->33         started        35 net1.exe 1 29->35         started        file10 process11
Score:
90%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/2713fa8310ce0b09b1adab2f69986e5935a989122f734f8f1ffe588668036637
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/2713fa8310ce0b09b1adab2f69986e5935a989122f734f8f1ffe588668036637/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Malicious
First seen:
2023-12-17 04:15:09 UTC
File Type:
PE (Exe)
Extracted files:
5
AV detection:
15 of 23 (65.22%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=e4j7vayqzyfqtmnnvmxwtgdole22tcisf5zu7dy77zmim2admy3q._file
Verdict:
suspicious
Similar samples:
04cbe05091761151102b9cffcaf6a1c91e4b4431f521e03dc1c2304a820e04db
Socks5Systemz
05fa357e6559b3b80dd3659baf45d42fbace5782ce6cdc58538eb766571f7567
Socks5Systemz
09f58d1d441dadc8b93982f62b66657487ea60aef468609326a15fd0d9b33c45
Socks5Systemz
0bf4d2ac1712d13b5c0f63072b6f5d4e624417b7f121a27c56397853d46eb007
Socks5Systemz
13054411201b9158073642396f92d1cc9ec35e6a7895aef500a46454d6768e1f
Socks5Systemz
2eacc6c81c9f25c845c68d34813909cc7de26fe3d1292976cac7a44e7586245f
Socks5Systemz
80f9779d1113854bb44f821b87462a6642e4919867a5754c94096b71d05cd61a
Socks5Systemz
836bfd331f9becf071f69796ec1ccf01eadf2874f2459783b209d31c8628bccd
Socks5Systemz
9f946835520f2eb712787c74581a25851375395b5cf6809335fd990d224743e0
Socks5Systemz
a3d6b8ff0ab437b49da263be8a6cc6b974245224c43eb7eb90ca78e8dda514bc
Socks5Systemz
+ 6'691 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
discovery
Link:
https://tria.ge/reports/231217-et9ayadgdn/
Behaviour
Runs net.exe
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Drops file in Program Files directory
Checks installed software on the system
Executes dropped EXE
Loads dropped DLL
Unexpected DNS network traffic destination
Unpacked files
SH256 hash:
ad8af7343935a432e63f068c1fcdc7aea75b1bdf1d49de62f492344f829c0451
MD5 hash:
36968b0ba35673cb0c2b63970869ea8a
SHA1 hash:
42915176a0914c01d9a35f153201c21b2f81825e
Detections:
INDICATOR_EXE_Packed_VMProtect
Create hunting rule
Link:
https://www.unpac.me/results/1405dec9-140e-435f-965e-07cda7fa7c9e/
Parent samples :
2713fa8310ce0b09b1adab2f69986e5935a989122f734f8f1ffe588668036637
ecbe2e106c346e97213ff6abf4f6f31e911fc70e5cc44094311f9701b30acc9a
4f87fc85d3cc75f3f1f5ccfc0bcf3b9cb2fa2d9abb136ea638bdb2d24f077d42
SH256 hash:
0d68e1b7fd3d5628f23e27aa116e9e7c25238f76c90326522b9922e6f116efea
MD5 hash:
ee56fb665c76806ffceea534458001c6
SHA1 hash:
b3e2a0191ac20de6462c2b04bef80b30b67e0fec
Link:
https://www.unpac.me/results/1405dec9-140e-435f-965e-07cda7fa7c9e/
SH256 hash:
7511a0bc6edb251077e3838dcd82ab7fd2c073ce67fee67ceb54779225b11446
MD5 hash:
e11d367ad4483775d9ae1ed8c14a7d35
SHA1 hash:
9e33c475134b3696779e987748f6512a788ad52c
Link:
https://www.unpac.me/results/1405dec9-140e-435f-965e-07cda7fa7c9e/
SH256 hash:
6b798e32ae9b429ef6393797ccc4fec4a44a3c7b1a43dc0ea2b88a93eda2f1be
MD5 hash:
c188a19b7cb50fd4096e537eca0c8b78
SHA1 hash:
3de6e85b6846d00c222d862fe3d03ae2e23b0358
Link:
https://www.unpac.me/results/1405dec9-140e-435f-965e-07cda7fa7c9e/
SH256 hash:
2713fa8310ce0b09b1adab2f69986e5935a989122f734f8f1ffe588668036637
MD5 hash:
1d440ce22178df52fd4db154a726a67d
SHA1 hash:
afbf17ab12f7016e669ce6f7ddd895a8a0490f68
Link:
https://www.unpac.me/results/1405dec9-140e-435f-965e-07cda7fa7c9e/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/2713fa8310ce0b09b1adab2f69986e5935a989122f734f8f1ffe588668036637

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/468127/

Comments