MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 82ffaa01c0b5847399e6e210f100d2559eeff6651fe0a70735c1ed3f0ecc1182. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Socks5Systemz


Vendor detections: 12


Intelligence 12 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 82ffaa01c0b5847399e6e210f100d2559eeff6651fe0a70735c1ed3f0ecc1182
SHA3-384 hash: 39dfb0469003c263b528f646e1a0b2e23e55ebe253827f30cfef6b7068fd49c366a6a6a48aa6baf0f0e471d16364a0e2
SHA1 hash: d84b6650f40e210dcee6d9ea60b477fc5c9b417a
MD5 hash: 85718b6f98eaf1259aa16aa128cb90be
humanhash: glucose-xray-rugby-lemon
File name:SecuriteInfo.com.Other.Malware-gen.8481.17771
Download: download sample
Signature Socks5Systemz
Create hunting rule
File size:7'335'412 bytes
First seen:2023-12-16 11:16:37 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 884310b1928934402ea6fec1dbd3cf5e (3'725 x GCleaner, 3'564 x Socks5Systemz, 262 x RaccoonStealer)
ssdeep 196608:CAb4Ov/Hirx7Tc8WfIpevtyEDj88cnEhIkmZszj:Chcirx7g4pq88aZszj
Threatray 6'962 similar samples on MalwareBazaar
TLSH T1F37633E1A220D4F2F81367B1582092500E353AC452F444CCB5FEAB9FDE7A48F9E56B57
TrID 76.2% (.EXE) Inno Setup installer (107240/4/30)
10.0% (.EXE) Win32 Executable Delphi generic (14182/79/4)
4.6% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
3.2% (.EXE) Win32 Executable (generic) (4505/5/1)
1.4% (.EXE) Win16/32 Executable Delphi generic (2072/23)
File icon (PE):PE icon
dhash icon b298acbab2ca7a72 (2'327 x GCleaner, 1'631 x Socks5Systemz, 67 x RedLineStealer)
Reporter SecuriteInfoCom
Tags:exe Socks5Systemz

Intelligence

File Origin
# of uploads :
1
# of downloads :
290
Origin country :
FR FR
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/467997/
Detection(s):
SecuriteInfo.com.Other.Malware-gen.8481.17771.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file
Creating a service
Sending a custom TCP request
Searching for the window
Creating a file in the %temp% subdirectories
Creating a window
Creating a process from a recently created file
Сreating synchronization primitives
Searching for synchronization primitives
Creating a file in the Program Files subdirectories
Moving a file to the Program Files subdirectory
Modifying a system file
Enabling autorun for a service
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
control installer lolbin overlay packed shell32
Link:
https://www.filescan.io/uploads/657d8735eabaed070170a0eb/reports/e5da69a4-d195-4035-bfdc-38f17c6e6299/overview
Verdict:
Suspicious
Labled as:
HEUR/AGEN.1332570
Link:
https://www.hybrid-analysis.com/sample/82ffaa01c0b5847399e6e210f100d2559eeff6651fe0a70735c1ed3f0ecc1182
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/bfeb533c-2a4a-48b6-ad37-0330961008a3
Result
Threat name:
Petite Virus, Socks5Systemz
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1363344
Signature
Antivirus / Scanner detection for submitted sample
Contains functionality to infect the boot sector
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Machine Learning detection for dropped file
PE file has nameless sections
Snort IDS alert for network traffic
Yara detected Petite Virus
Yara detected Socks5Systemz
Behaviour
Behavior Graph:
Download SVG
Score:
75%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/82ffaa01c0b5847399e6e210f100d2559eeff6651fe0a70735c1ed3f0ecc1182
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/82ffaa01c0b5847399e6e210f100d2559eeff6651fe0a70735c1ed3f0ecc1182/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Malicious
First seen:
2023-12-16 11:17:09 UTC
File Type:
PE (Exe)
Extracted files:
5
AV detection:
10 of 23 (43.48%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ql72uaoawwchhgpg4iipcagskwpo75tfd7qkobzvyhwt6dwmcgba._file
Verdict:
malicious
Similar samples:
19aaa18d707ab1a3cb98c4a257c1cd8e8e2594b697aaffc2687539583810a653
Socks5Systemz
23bda1d8e92c34b73d2fd7cba0045363123b1ca703644e1272496020f48f0768
Socks5Systemz
2b0e4fee1aedd6e8086586de08ca3880e1d7c20e17047a6bf4b2d2e874998b18
Socks5Systemz
41c26911be2b0a6de90a3b718748347aad4584d1f1d98b01c3caa1bb8e337d5c
Socks5Systemz
70d4763fe44cc63198b5cd53bc6ca94bf327b5590d1bfb1fc2703ad076c21bd7
Socks5Systemz
aace929793e89d54fc77801417b9ebd301f51ab027f2b10475279b01aa48368c
Socks5Systemz
e7c4b80592d5fdaa4598290ad94595aa1729ee3f21afd24b52d9eaf2a215d25e
Socks5Systemz
+ 6'952 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
discovery
Link:
https://tria.ge/reports/231216-ndp2sscff5/
Behaviour
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Drops file in Program Files directory
Checks installed software on the system
Executes dropped EXE
Loads dropped DLL
Unexpected DNS network traffic destination
Unpacked files
SH256 hash:
860ce6b152a3e12ca0336d114c24a7c266aa0b16e033a1388a69d11c21777fb9
MD5 hash:
0edd953d13c6dabd5abcf327e5f28a56
SHA1 hash:
aa419577cbaf4a85102fcbc72ddaa3396a3398b5
Detections:
INDICATOR_EXE_Packed_VMProtect
Create hunting rule
Link:
https://www.unpac.me/results/801d2638-2939-4dae-9dd9-0118dbfc7e92/
Parent samples :
e7c4b80592d5fdaa4598290ad94595aa1729ee3f21afd24b52d9eaf2a215d25e
aace929793e89d54fc77801417b9ebd301f51ab027f2b10475279b01aa48368c
19aaa18d707ab1a3cb98c4a257c1cd8e8e2594b697aaffc2687539583810a653
82ffaa01c0b5847399e6e210f100d2559eeff6651fe0a70735c1ed3f0ecc1182
6de07b921c1697555b4ca043c5a1b8bd75356c92e23d6a472b30b46966476863
99f303475707b9d778b855f038c8b8c42104c753bd5fa26c168b25a7e552a0f9
22a14d248853472bf27c94cc3b506b524673f5c52823b7e6bd470e067c34a3e9
095d7b0323e51f4021e79bcce8d6baeb38174389157fa8d4bc2aac62d4062011
5c152b98e5ac68338e444fe2dc0edf6bf17d5d457798815e400950d8cba68452
SH256 hash:
bfe1ab607dfba71517a995a31be6628c8673dc723660804fd30f374d3989359c
MD5 hash:
e82f019ab3c2e83c05abd197c7912003
SHA1 hash:
a705c9f56bc7d7d0c6591d23337d89fdbabce756
Link:
https://www.unpac.me/results/801d2638-2939-4dae-9dd9-0118dbfc7e92/
SH256 hash:
b247ce830f7d47aad90da3a421fb313401784d5d6badaeb1fe7292d4cec97f30
MD5 hash:
485ead67d50861f5677b59409bb31f0d
SHA1 hash:
a059d44de1bf970fb4d3ffcfca49ba8995fe5096
Link:
https://www.unpac.me/results/801d2638-2939-4dae-9dd9-0118dbfc7e92/
SH256 hash:
d4f52b7d966c476dee40c677a9d9f224e55c592ee287660cd292e91eccd11848
MD5 hash:
9824254bb5cd741b93eec8e623580685
SHA1 hash:
0de975cd3955849f4c668eed5bb5f8b45f940d36
Link:
https://www.unpac.me/results/801d2638-2939-4dae-9dd9-0118dbfc7e92/
SH256 hash:
82ffaa01c0b5847399e6e210f100d2559eeff6651fe0a70735c1ed3f0ecc1182
MD5 hash:
85718b6f98eaf1259aa16aa128cb90be
SHA1 hash:
d84b6650f40e210dcee6d9ea60b477fc5c9b417a
Link:
https://www.unpac.me/results/801d2638-2939-4dae-9dd9-0118dbfc7e92/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/82ffaa01c0b5847399e6e210f100d2559eeff6651fe0a70735c1ed3f0ecc1182

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/467997/

Comments