MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 62b2611c09d13ec267ac23f032ea5ea3c449599e45f0fb1dd6ea793f7cae1337. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Socks5Systemz

Vendor detections: 11

Intelligence 11 IOCs YARA File information Comments

SHA256 hash:	62b2611c09d13ec267ac23f032ea5ea3c449599e45f0fb1dd6ea793f7cae1337
SHA3-384 hash:	ee0ade797f7860e0165ab1a743df28d11afb8e786441b2860851f892ce8a0f00b2e76f9c1f429826b0ec459e5fbe6ec6
SHA1 hash:	c2dc343bb29409b0bf66a8d5fd0693cc21b4820f
MD5 hash:	1549d3424d3199d3292bd602d4f8eaa0
humanhash:	michigan-eleven-bluebird-mirror
File name:	SecuriteInfo.com.Trojan.Siggen22.39556.27057.11759
Download:	download sample
Signature	Socks5Systemz Create hunting rule
File size:	6'879'506 bytes
First seen:	2023-12-17 04:14:54 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	884310b1928934402ea6fec1dbd3cf5e (3'725 x GCleaner, 3'456 x Socks5Systemz, 262 x RaccoonStealer)
ssdeep	196608:eJt6sRO0e6O9qJ+jao1Ncz1RROoBqvL7UEF:m6sRO09oHjdrc5RRO1jY+
Threatray	6'700 similar samples on MalwareBazaar
TLSH	T1206633BFEDB94CB5C2E5993FCEB08465C3070AE118D5009C1ADC961CBE67F583225BA6
TrID	76.2% (.EXE) Inno Setup installer (107240/4/30) 10.0% (.EXE) Win32 Executable Delphi generic (14182/79/4) 4.6% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 3.2% (.EXE) Win32 Executable (generic) (4505/5/1) 1.4% (.EXE) Win16/32 Executable Delphi generic (2072/23)
File icon (PE):
dhash icon	b298acbab2ca7a72 (2'327 x GCleaner, 1'631 x Socks5Systemz, 67 x RedLineStealer)
Reporter	SecuriteInfoCom
Tags:	exe

Intelligence

File Origin

# of uploads :

# of downloads :

334

Origin country :

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/468149/

Detection(s):

SecuriteInfo.com.Trojan.Siggen22.39556.27057.11759.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a file in the %temp% subdirectories

Creating a window

Creating a process from a recently created file

Сreating synchronization primitives

Searching for the window

Searching for synchronization primitives

Creating a file in the Program Files subdirectories

Moving a file to the Program Files subdirectory

Modifying a system file

Creating a file

Creating a service

Sending a custom TCP request

Enabling autorun for a service

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

control installer lolbin overlay packed shell32

Link:

https://www.filescan.io/uploads/657e75e96b1c246046f7df44/reports/3c5f722c-844b-4f88-b5de-b81670ba502c/overview

Verdict:

Suspicious

Labled as:

HEUR/AGEN.1332570

Link:

https://www.hybrid-analysis.com/sample/62b2611c09d13ec267ac23f032ea5ea3c449599e45f0fb1dd6ea793f7cae1337

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Suspicious

Link:

https://analyze.intezer.com/analyses/0d7d33d8-4c72-44de-8a96-175d7ad6d988

Result

Threat name:

Petite Virus, Socks5Systemz

Detection:

malicious

Classification:

troj.evad

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/1363568

Signature

Antivirus / Scanner detection for submitted sample

Contains functionality to infect the boot sector

Detected unpacking (changes PE section rights)

Detected unpacking (overwrites its own PE header)

Multi AV Scanner detection for submitted file

PE file has nameless sections

Snort IDS alert for network traffic

Yara detected Petite Virus

Yara detected Socks5Systemz

Behaviour

Behavior Graph:

Download SVG

Score:

90%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/62b2611c09d13ec267ac23f032ea5ea3c449599e45f0fb1dd6ea793f7cae1337

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/62b2611c09d13ec267ac23f032ea5ea3c449599e45f0fb1dd6ea793f7cae1337/

Threat name:

Win32.Trojan.Generic

Status:

Malicious

First seen:

2023-12-17 04:16:06 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

14 of 23 (60.87%)

Threat level:

2/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=mkzgchaj2e7mez5mepydf2s6upceswm6ixypwhow5j4t67focm3q._file

Verdict:

suspicious

Socks5Systemz

23bda1d8e92c34b73d2fd7cba0045363123b1ca703644e1272496020f48f0768

Socks5Systemz

41c26911be2b0a6de90a3b718748347aad4584d1f1d98b01c3caa1bb8e337d5c

Socks5Systemz

4a7cf5184e2783b39d31b1f14bdf8c5e65c8264087ca384eff8c290d25921d11

Socks5Systemz

599119c9efb698ce9ce8c82b2f26ce5890ac5c2154be16240598701e93221e9d

Socks5Systemz

6a1edaddbee0de4f66de7a99c007baa8ba9ad297d3a7e0d750b8f27fe6154486

Socks5Systemz

70d4763fe44cc63198b5cd53bc6ca94bf327b5590d1bfb1fc2703ad076c21bd7

Socks5Systemz

7bb6037c523bd02645d27f2c0c1064208d46589bdce89a7e6539687aa70c5117

Socks5Systemz

ce545b283c8bab1e754150d94d56048121b3632040b8cbc914341a68164d29f1

Socks5Systemz

e06defad3a1b0960a0abd7a85ace5ea601ae87b11e330903fdc6c9bc71d32471

Socks5Systemz

+ 6'690 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

7/10

Tags:

discovery

Link:

https://tria.ge/reports/231217-evb2tsfbb5/

Behaviour

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Drops file in Program Files directory

Checks installed software on the system

Executes dropped EXE

Loads dropped DLL

Unexpected DNS network traffic destination

Unpacked files

SH256 hash:

bfe1ab607dfba71517a995a31be6628c8673dc723660804fd30f374d3989359c

MD5 hash:

e82f019ab3c2e83c05abd197c7912003

SHA1 hash:

a705c9f56bc7d7d0c6591d23337d89fdbabce756

Link:

https://www.unpac.me/results/f4b4e7fa-4efa-460b-8124-d4ae294c5aeb/

SH256 hash:

e5e4e5eec982c5486c9591a1df3f1c118761215b1c2760412122c916a8fd5d77

MD5 hash:

fa1d6a318e8819954e449bf30312a6f0

SHA1 hash:

00251cb7cd335354809cd41c0edb78920e9e3267

Detections:

INDICATOR_EXE_Packed_VMProtect

Link:

https://www.unpac.me/results/f4b4e7fa-4efa-460b-8124-d4ae294c5aeb/

Parent samples :

59099c8a4c956796160d3d4b892b1a1e9cfd1ba9bc080586a9138d2b16feca91
faac17080796a33c4f3be0d50d3a51e07f7d383daac7394b6cfa7a46e94e83ba
50deae409fb59a34e979ff03ca4275e42ee84244bc0c0ab9969fae5d7bbfb170
599119c9efb698ce9ce8c82b2f26ce5890ac5c2154be16240598701e93221e9d
62b2611c09d13ec267ac23f032ea5ea3c449599e45f0fb1dd6ea793f7cae1337

SH256 hash:

67fc1edd2adc49516b9a0d25e49fc53a2c2ec97b53d13c60eeda76a219244366

MD5 hash:

20a34c1d79cf4ab33c502ab1117f0125

SHA1 hash:

6f5e7a94f2136dbbae295e57f577e017cf0137c1

Link:

https://www.unpac.me/results/f4b4e7fa-4efa-460b-8124-d4ae294c5aeb/

SH256 hash:

5d473efdb703d0273eebfce04757030b74cbeb267f83b64a1a3eeacdea0341c9

MD5 hash:

7a93397975e0d52c051e941b015efe8e

SHA1 hash:

3aeeb638fa76b5644db440a3d08498c6d02a799e

Link:

https://www.unpac.me/results/f4b4e7fa-4efa-460b-8124-d4ae294c5aeb/

SH256 hash:

62b2611c09d13ec267ac23f032ea5ea3c449599e45f0fb1dd6ea793f7cae1337

MD5 hash:

1549d3424d3199d3292bd602d4f8eaa0

SHA1 hash:

c2dc343bb29409b0bf66a8d5fd0693cc21b4820f

Link:

https://www.unpac.me/results/f4b4e7fa-4efa-460b-8124-d4ae294c5aeb/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/62b2611c09d13ec267ac23f032ea5ea3c449599e45f0fb1dd6ea793f7cae1337

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/468149/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample