MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7bb6037c523bd02645d27f2c0c1064208d46589bdce89a7e6539687aa70c5117. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Socks5Systemz


Vendor detections: 11


Intelligence 11 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7bb6037c523bd02645d27f2c0c1064208d46589bdce89a7e6539687aa70c5117
SHA3-384 hash: 2a003074be800be12b1bad58b480ae97850b8928c86c4f082e86f77f5a771466029da9c2836e128319221f93fa568cca
SHA1 hash: 90e05909e9be4fa7cb483446d44ead75192607a7
MD5 hash: b243135cb3713c3c092fe078eb01e1e7
humanhash: crazy-nineteen-table-oklahoma
File name:b243135cb3713c3c092fe078eb01e1e7
Download: download sample
Signature Socks5Systemz
Create hunting rule
File size:7'447'052 bytes
First seen:2023-12-15 15:59:15 UTC
Last seen:2023-12-15 17:21:13 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 884310b1928934402ea6fec1dbd3cf5e (3'725 x GCleaner, 3'453 x Socks5Systemz, 262 x RaccoonStealer)
ssdeep 196608:4JcIMVr6m+qQPAq9CezsurXLQ9LEQ9hSHwrjpJdPYOuCnYxbhtzj:jn/UPhKughQwfLdiWYhtzj
Threatray 4'313 similar samples on MalwareBazaar
TLSH T1E9763320B692C077D2212F74260DDAABEB42FC987574786D3ADDED5ECB0189D001DF6A
TrID 76.2% (.EXE) Inno Setup installer (107240/4/30)
10.0% (.EXE) Win32 Executable Delphi generic (14182/79/4)
4.6% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
3.2% (.EXE) Win32 Executable (generic) (4505/5/1)
1.4% (.EXE) Win16/32 Executable Delphi generic (2072/23)
File icon (PE):PE icon
dhash icon 6060d8c8ead8b0b4 (29 x Socks5Systemz)
Reporter zbetcheckin
Tags:32 exe Socks5Systemz

Intelligence

File Origin
# of uploads :
2
# of downloads :
271
Origin country :
FR FR
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/467578/
Detection(s):
SecuriteInfo.com.Win32.Evo-gen.2292.30721.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file in the %temp% subdirectories
Creating a window
Creating a process from a recently created file
Сreating synchronization primitives
Searching for the window
Searching for synchronization primitives
Creating a file in the Program Files subdirectories
Moving a file to the Program Files subdirectory
Modifying a system file
Creating a file
Creating a service
Enabling autorun for a service
Gathering data
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
control installer lolbin overlay packed shell32
Link:
https://www.filescan.io/uploads/657c7803b855eb3693dd723d/reports/5a7f3c07-2d92-45c6-8850-c950367dd053/overview
Verdict:
Malicious
Labled as:
Win/malicious_confidence_60%
Link:
https://www.hybrid-analysis.com/sample/7bb6037c523bd02645d27f2c0c1064208d46589bdce89a7e6539687aa70c5117
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/9e694360-6a55-411c-a08e-9b1761a08457
Result
Threat name:
Petite Virus, Socks5Systemz
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1362760
Signature
Antivirus / Scanner detection for submitted sample
Contains functionality to infect the boot sector
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Machine Learning detection for dropped file
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
PE file has nameless sections
Snort IDS alert for network traffic
Yara detected Petite Virus
Yara detected Socks5Systemz
Behaviour
Behavior Graph:
Download SVG
Score:
93%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/7bb6037c523bd02645d27f2c0c1064208d46589bdce89a7e6539687aa70c5117
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/7bb6037c523bd02645d27f2c0c1064208d46589bdce89a7e6539687aa70c5117/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2023-12-15 16:00:07 UTC
File Type:
PE (Exe)
Extracted files:
5
AV detection:
7 of 37 (18.92%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=po3ag7cshpicmrosp4wayedeecgumwe33tuju7tfhfuhvjymkelq._file
Verdict:
suspicious
Similar samples:
0a86a03eb33ca09a55c10959585ba22b57d7b6c5d773f3fb3aa7185a621a6931
Socks5Systemz
2ca3143628b515dc17d272e6986ae740b49e731b2a886e38fbfe9a159740b420
Socks5Systemz
4c841dd15c0f4f5585bfb94c3634ec3cddad913aae4e79c78f24b467aeece4e7
Socks5Systemz
6580b3c3472499517ce0feb56e824d9f7c79d9335430160d2f4516c7066ef93f
Socks5Systemz
6c997357d37e49570db5aeb5c982fd437743c7119908935cc96f60be6c92535a
Socks5Systemz
6e0ccbd59707ff8aa7b292f0978498980b3ee813cb124bf09263b5ba68bbd0c7
Socks5Systemz
c2e55f0a100ae9d0de039823ce47857095951cc1686aa32a82b07490d39f20fd
Socks5Systemz
e230ccbb4cb095229c887d716f60d6827e262e0aa014ffc841d7739085011b19
Socks5Systemz
e4109841b90effae706bf8a179d14fb4235092a5700fb88caa92ca73bbd10837
Socks5Systemz
+ 4'303 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
discovery
Link:
https://tria.ge/reports/231215-tfmx4sefel/
Behaviour
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Drops file in Program Files directory
Checks installed software on the system
Executes dropped EXE
Loads dropped DLL
Unexpected DNS network traffic destination
Unpacked files
SH256 hash:
bfe1ab607dfba71517a995a31be6628c8673dc723660804fd30f374d3989359c
MD5 hash:
e82f019ab3c2e83c05abd197c7912003
SHA1 hash:
a705c9f56bc7d7d0c6591d23337d89fdbabce756
Link:
https://www.unpac.me/results/feea1d0b-6e3b-4932-a44a-92758dc7c532/
SH256 hash:
d9460bbfb0c1ec873189af816aa1faaa9c5461da03b5bf9293ae3bf5ae552fb6
MD5 hash:
148888a24b7194b1ae7409145d3cd7eb
SHA1 hash:
69b584ca848479c2cbca7b0e8c8a126492d4c3b1
Detections:
INDICATOR_EXE_Packed_VMProtect
Create hunting rule
Link:
https://www.unpac.me/results/feea1d0b-6e3b-4932-a44a-92758dc7c532/
Parent samples :
dc65301b2065d587ca771f25bcaa129bc40dfef2294a54d5766075befe960079
23bda1d8e92c34b73d2fd7cba0045363123b1ca703644e1272496020f48f0768
7bb6037c523bd02645d27f2c0c1064208d46589bdce89a7e6539687aa70c5117
41c26911be2b0a6de90a3b718748347aad4584d1f1d98b01c3caa1bb8e337d5c
SH256 hash:
0b98e289a736b5c1d27816f48abda7bfe8e0b08c5e81b5f40cc01c93a49a45c3
MD5 hash:
261103ff11a256ec9da51da1d3425e81
SHA1 hash:
acf3ab6ae22a972fa12e5cb0e4beff14ce9b53de
Link:
https://www.unpac.me/results/feea1d0b-6e3b-4932-a44a-92758dc7c532/
SH256 hash:
d4f52b7d966c476dee40c677a9d9f224e55c592ee287660cd292e91eccd11848
MD5 hash:
9824254bb5cd741b93eec8e623580685
SHA1 hash:
0de975cd3955849f4c668eed5bb5f8b45f940d36
Link:
https://www.unpac.me/results/feea1d0b-6e3b-4932-a44a-92758dc7c532/
SH256 hash:
7bb6037c523bd02645d27f2c0c1064208d46589bdce89a7e6539687aa70c5117
MD5 hash:
b243135cb3713c3c092fe078eb01e1e7
SHA1 hash:
90e05909e9be4fa7cb483446d44ead75192607a7
Link:
https://www.unpac.me/results/feea1d0b-6e3b-4932-a44a-92758dc7c532/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/7bb6037c523bd02645d27f2c0c1064208d46589bdce89a7e6539687aa70c5117

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Socks5Systemz

Executable exe 7bb6037c523bd02645d27f2c0c1064208d46589bdce89a7e6539687aa70c5117

(this sample)

  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/467578/

Comments


Avatar
zbet commented on 2023-12-15 15:59:16 UTC

url : hxxp://hitsturbo.com/order/tuc6.exe