MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 53e50385fc6d8487d5c5182809f509e6edc593362bb6923253e4ac39763428b2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Socks5Systemz


Vendor detections: 11


Intelligence 11 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 53e50385fc6d8487d5c5182809f509e6edc593362bb6923253e4ac39763428b2
SHA3-384 hash: f8885d61bf0d7018e8db40cc55db10f598a31f2dcd53e070f7f831528c9f7d3308bfc37efab6a64906c58a891c906464
SHA1 hash: 82ca8107ce1081c91121443be5734eb598eb5cc3
MD5 hash: 4dcedf49512c1bca4b4afd339acb37e5
humanhash: ohio-diet-pizza-wyoming
File name:SecuriteInfo.com.Trojan.Siggen22.37886.12080.7326
Download: download sample
Signature Socks5Systemz
Create hunting rule
File size:7'433'319 bytes
First seen:2023-12-16 02:21:55 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 884310b1928934402ea6fec1dbd3cf5e (3'725 x GCleaner, 3'455 x Socks5Systemz, 262 x RaccoonStealer)
ssdeep 196608:LwR0NHTp0X4K7AhSHjFSaP6IYD5VO6C2LcQMYDUszj:kR0NHTo6SH0a9YK6C2AQMYDUszj
Threatray 4'516 similar samples on MalwareBazaar
TLSH T1317633112D278D78F420EBFA6F52E0721B6FEA9D9DBD098968AD070CDF5D44138A8253
TrID 76.2% (.EXE) Inno Setup installer (107240/4/30)
10.0% (.EXE) Win32 Executable Delphi generic (14182/79/4)
4.6% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
3.2% (.EXE) Win32 Executable (generic) (4505/5/1)
1.4% (.EXE) Win16/32 Executable Delphi generic (2072/23)
File icon (PE):PE icon
dhash icon fc66d8c8ead8b0b4 (212 x Socks5Systemz)
Reporter SecuriteInfoCom
Tags:exe Socks5Systemz

Intelligence

File Origin
# of uploads :
1
# of downloads :
258
Origin country :
FR FR
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/467846/
Detection(s):
SecuriteInfo.com.Trojan.Siggen22.37886.12080.7326.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file in the %temp% subdirectories
Creating a window
Creating a process from a recently created file
Сreating synchronization primitives
Searching for the window
Searching for synchronization primitives
Creating a file in the Program Files subdirectories
Moving a file to the Program Files subdirectory
Launching a process
Modifying a system file
Creating a file
Creating a service
Launching the process to interact with network services
Sending a custom TCP request
Enabling autorun for a service
Gathering data
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
control installer lolbin masquerade overlay packed shell32
Link:
https://www.filescan.io/uploads/657d09cbd48681e0d661f247/reports/ec0643bd-2ed2-4c40-bcdc-22eab8719ef7/overview
Verdict:
Malicious
Labled as:
Win/malicious_confidence_70%
Link:
https://www.hybrid-analysis.com/sample/53e50385fc6d8487d5c5182809f509e6edc593362bb6923253e4ac39763428b2
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/6ed3382c-8478-4fbd-b9b2-9f6ba1c21546
Result
Threat name:
Petite Virus, Socks5Systemz
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1363170
Signature
Antivirus / Scanner detection for submitted sample
Changes security center settings (notifications, updates, antivirus, firewall)
Contains functionality to infect the boot sector
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Machine Learning detection for dropped file
Multi AV Scanner detection for dropped file
PE file has nameless sections
Query firmware table information (likely to detect VMs)
Snort IDS alert for network traffic
Uses schtasks.exe or at.exe to add and modify task schedules
Yara detected Petite Virus
Yara detected Socks5Systemz
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1363170 Sample: SecuriteInfo.com.Trojan.Sig... Startdate: 16/12/2023 Architecture: WINDOWS Score: 100 56 Snort IDS alert for network traffic 2->56 58 Antivirus / Scanner detection for submitted sample 2->58 60 Multi AV Scanner detection for dropped file 2->60 62 7 other signatures 2->62 8 SecuriteInfo.com.Trojan.Siggen22.37886.12080.7326.exe 2 2->8         started        11 svchost.exe 2->11         started        14 svchost.exe 1 2->14         started        16 3 other processes 2->16 process3 file4 50 SecuriteInfo.com.T...7886.12080.7326.tmp, PE32 8->50 dropped 18 SecuriteInfo.com.Trojan.Siggen22.37886.12080.7326.tmp 17 76 8->18         started        66 Changes security center settings (notifications, updates, antivirus, firewall) 11->66 22 MpCmdRun.exe 2 11->22         started        68 Query firmware table information (likely to detect VMs) 14->68 signatures5 process6 file7 42 C:\Users\user\AppData\Local\...\_setup64.tmp, PE32+ 18->42 dropped 44 C:\Users\user\AppData\Local\...\_isdecmp.dll, PE32 18->44 dropped 46 C:\Users\user\AppData\Local\...\_iscrypt.dll, PE32 18->46 dropped 48 106 other files (83 malicious) 18->48 dropped 64 Uses schtasks.exe or at.exe to add and modify task schedules 18->64 24 APhoneLIB.exe 1 15 18->24         started        27 APhoneLIB.exe 1 2 18->27         started        30 net.exe 1 18->30         started        32 schtasks.exe 1 18->32         started        34 conhost.exe 22->34         started        signatures8 process9 dnsIp10 54 bmpooai.com 185.196.8.22, 49709, 49710, 49711 SIMPLECARRER2IT Switzerland 24->54 52 C:\ProgramData\M73Bitrate\M73Bitrate.exe, PE32 27->52 dropped 36 conhost.exe 30->36         started        38 net1.exe 1 30->38         started        40 conhost.exe 32->40         started        file11 process12
Score:
84%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/53e50385fc6d8487d5c5182809f509e6edc593362bb6923253e4ac39763428b2
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/53e50385fc6d8487d5c5182809f509e6edc593362bb6923253e4ac39763428b2/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Malicious
First seen:
2023-12-16 02:22:07 UTC
File Type:
PE (Exe)
Extracted files:
5
AV detection:
10 of 23 (43.48%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=kpsqhbp4nwcipvofdauat5ij43w4lezwfo3jemst4swds5rufcza._file
Verdict:
unknown
Similar samples:
04d4c1c8a0aed825a76614f537d306d923449f013915554e7f5244fe2341e613
Socks5Systemz
17f56b6dff9af6909f7af58f3741d852cba1b4a43173d52df7aeff41e652ba01
Socks5Systemz
4321dc69344b59a9878d8653aa067c5ccd08e6767817a88b6af2025a6b21d9ee
Socks5Systemz
4c4b1285f2c743c119b207e0c5e86fa08727c42ea54ba33955d6a8276d6143f1
Socks5Systemz
b4f2b00cf8e247dd2901534a2760576f3fc833a9c7cebb087c16c88d80902c7b
Socks5Systemz
cd28c2b386e56da519693d21136f82aeb7c0219d3a167b086fb7b38ddef5ed31
Socks5Systemz
d1b36c647a24cc669a9fc34beced83af1c25b3673b04976d6a45910bf898e7fa
Socks5Systemz
d327420b74be3a3c7e8720d24125e15a848bfcc194349361ef67391e1a2e15f1
Socks5Systemz
deaef689e01650a3a15f72ae2e6176cc68fd23a384f5987036e4e1e9bf39aa07
Socks5Systemz
ffcb64242dc4bc58c1160f7034f266e673b83469a0bc00ee666ab0f4e3eae463
Socks5Systemz
+ 4'506 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
discovery
Link:
https://tria.ge/reports/231216-ctklgabeb8/
Behaviour
Runs net.exe
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Drops file in Program Files directory
Checks installed software on the system
Executes dropped EXE
Loads dropped DLL
Unexpected DNS network traffic destination
Unpacked files
SH256 hash:
c9278f17730a4078d3b28e349d31dbdab961d8b61aab7b710f088d0f03a033c8
MD5 hash:
dcd2f5ab1e14cdd37fa4de9cac79f521
SHA1 hash:
c87577e55433a5f51080374337467a66283f0c68
Link:
https://www.unpac.me/results/c4004eee-306d-459b-a68d-33be67164784/
SH256 hash:
a1e0fa19ee63938c571cd10f5ea66111e821a1a6e7239ffaeed2d9058e252cbf
MD5 hash:
d7ee0c1379532437cdf985104ae51280
SHA1 hash:
29e8c69b74f6973c2bf793df8d5549b8de1bb0e9
Detections:
INDICATOR_EXE_Packed_VMProtect
Create hunting rule
Link:
https://www.unpac.me/results/c4004eee-306d-459b-a68d-33be67164784/
Parent samples :
ffcb64242dc4bc58c1160f7034f266e673b83469a0bc00ee666ab0f4e3eae463
1b1dcad96ebadbf53e8577fc2ff85a1e60c66ab7637e151be5ec76a7d3c49fcc
deaef689e01650a3a15f72ae2e6176cc68fd23a384f5987036e4e1e9bf39aa07
0a9e085bdc3b2f4c12708778191e2332487b79911f847a5dc330cabbb7aa2cc8
ed104e1e68b9edf23ab4c1852d6ff85f40310035810793062f0baba7e34ed6f0
b4f2b00cf8e247dd2901534a2760576f3fc833a9c7cebb087c16c88d80902c7b
58d48d797a2a1b4a2097229891e998abf09a0e2bab60b575cbf392faf1e5f466
cd28c2b386e56da519693d21136f82aeb7c0219d3a167b086fb7b38ddef5ed31
04d4c1c8a0aed825a76614f537d306d923449f013915554e7f5244fe2341e613
4321dc69344b59a9878d8653aa067c5ccd08e6767817a88b6af2025a6b21d9ee
d1b36c647a24cc669a9fc34beced83af1c25b3673b04976d6a45910bf898e7fa
20c9b9022fb2001122ab5e196fb45a61d974e4431f83ee807733a118b42f0585
ae34ec684fee6f7fdfb19e204e03d5b889e48279f05eceeccb9d8124da988be0
17f56b6dff9af6909f7af58f3741d852cba1b4a43173d52df7aeff41e652ba01
4c4b1285f2c743c119b207e0c5e86fa08727c42ea54ba33955d6a8276d6143f1
d327420b74be3a3c7e8720d24125e15a848bfcc194349361ef67391e1a2e15f1
b1c76a1e87778e2063aac79a04de116f03cfd5e5a7773a1c9057104c3ffe2234
693083b365d388c55dc00006b552a940963f037ac43875ca46baf27580b2b523
1ab80cf8d4e831465c7e6d300cde5017d665fd1ce07d56616a151cdb17f194bb
01f31cea2568b0263cac8de1d8c94b6216abeabf6bdfc4daa04115aeccf42281
d35340122ee5ec8eb07212f3b00c45cc44bc5a721340b23a3c7e30e2a3dba54c
b0743375ef4bb439fd9b5cf5c4a05dea698bf4438777478dfe7fbed7e78fc265
0256cc4197cb0219c9d01c550d78e3136aa020fa008bd682f0888e9f2d67c349
7ee8172c64a4b5674fa630d72fc875b96477e68493df1b371f2c0001de676b51
b634ee6196ca78c4069e56039c6c34e60db1160e90e1f3e96a17974234daa42f
f7d09590e047fff5a7df489041890f5b18650d65e92932f5be1b644abbc880cb
a2dd01523e711d036fa818fa32f3e335c79831094cec01d38b9b0d2ade4c3d68
5745e219525e4df1926eb167139bc9a8d8a46c1328e776e64ffc35c2d031b4ba
da6ccbbec542fa2920f1b855c955a5fdffb92cf2d82fbe40857d4f9becee23c2
53e50385fc6d8487d5c5182809f509e6edc593362bb6923253e4ac39763428b2
fb15af9973a4e06f860c70fbacf6a23a606de802b326f6934ab401e0c841f182
f44a7673304f107b4af0d9453fb23642ba35ef08864d762a65342913a3a06fb3
4f93c821262f676f2bab4ac8a1604268f51d1391366f78ab4f7cbd08be01ad20
c5336d8b8ad8402a25d3b2fb069b7baf1e404f73abf909def0576dbcfe686f3b
781eb20f75e153516d9fb8cf1ee1b69e08953e086f9d51e9bfac56073cf9ab97
72c879ea72a48161e9d532d1e890b8afef5ebee60eeb08233aa92aeeddfc342f
dad29a94dba314afb18b07f096bb5379782d50b4d21183b4e753da59e36565ed
c80cebe83df3b1d35f707a8425d338d774996e2d9b4b6e3a1e1d4f4bd51eefd1
6931588d0c5174ea0b36b44d63a9442446f7f6dddb3bf72bb79e75ff279fedcf
c143e16b712f847cec9b3fae7d127c1ecf8c2a288eef30e0237324b198f9ec86
ca0c1fc69051889a26ccb03794718f045fed8e5c76631f4a9331dfc25fbb38ad
c31a900da9f5e94836a84dd9c03e72dea136c3a4b2944c3f54d47b2548c7cb07
885d5191e5e9a115563631b727e20c9bd3764c1bdd6d206d6a065f8f8e8d605b
01c4fafaf42ce88ab17b53c794ff5c8fb6f78912f9ec6382aac561158e6a7056
8881d8a9622b6b1458eb15f3e47ebf5c59e8409dec7f38b15259cdfc68bc8cdc
5154a2f7bfa2d3d579f51f534574d5d272fcc3164608d585fab0810759aca305
5d4cc70bc777ea2c8d4607bce35ac1e060a9e53e9df9b52c689daa0de8bb453a
SH256 hash:
96d2fe297f67cd9a3dcd395746fc3fd64169fb6b50688d0032dfa168ca79070f
MD5 hash:
181abdc0c5c80d909579ad374a9716a8
SHA1 hash:
a2f6ef3cd3234e9f64123d843fc35f2c9c85f309
Link:
https://www.unpac.me/results/c4004eee-306d-459b-a68d-33be67164784/
SH256 hash:
444c9128114c59e174dec3a243760f73843021b91cfab7959d71ee03b569c63c
MD5 hash:
c3f876aa5806a3e6815dc841a792f5bd
SHA1 hash:
83e3fdff1e387991c69d69d4cc6f53182d52131b
Link:
https://www.unpac.me/results/c4004eee-306d-459b-a68d-33be67164784/
SH256 hash:
53e50385fc6d8487d5c5182809f509e6edc593362bb6923253e4ac39763428b2
MD5 hash:
4dcedf49512c1bca4b4afd339acb37e5
SHA1 hash:
82ca8107ce1081c91121443be5734eb598eb5cc3
Link:
https://www.unpac.me/results/c4004eee-306d-459b-a68d-33be67164784/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/53e50385fc6d8487d5c5182809f509e6edc593362bb6923253e4ac39763428b2

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/467846/

Comments