MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 838e77f8eccdad19dbb7dbce3efaa028ca5279bcc6105918cdb2666b78b1bc80. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Socks5Systemz

Vendor detections: 11

Intelligence 11 IOCs YARA File information Comments

SHA256 hash:	838e77f8eccdad19dbb7dbce3efaa028ca5279bcc6105918cdb2666b78b1bc80
SHA3-384 hash:	5bbcf4460dac33dbc13d34af2c3220412dfeeef8bc12a3ecb6da22c6e7a71b3b2f6370c9619588e5617a854d307645c6
SHA1 hash:	b4ba9ca8aaa4d90ac98a85a56c2ad6f33c56ca42
MD5 hash:	a1c3d4c34bdfb043a753bacd01d8cca8
humanhash:	blossom-double-skylark-may
File name:	SecuriteInfo.com.Trojan-Dropper.Win32.Agent.21224.4683
Download:	download sample
Signature	Socks5Systemz Create hunting rule
File size:	7'415'639 bytes
First seen:	2023-12-16 18:30:14 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	884310b1928934402ea6fec1dbd3cf5e (3'725 x GCleaner, 3'507 x Socks5Systemz, 262 x RaccoonStealer)
ssdeep	196608:CEmC0veCyzfTNSSjaUnPvacdw0tm6nkLUDaUNd4w3H3fz5AxAzj:lFTgSjLXac6l63mU/4WH375Aqzj
Threatray	5'714 similar samples on MalwareBazaar
TLSH	T1177633C70A28463DC6EA77738B13D921BB6179D69F2A5496C4CF9F4B3734340A04B7A2
TrID	76.2% (.EXE) Inno Setup installer (107240/4/30) 10.0% (.EXE) Win32 Executable Delphi generic (14182/79/4) 4.6% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 3.2% (.EXE) Win32 Executable (generic) (4505/5/1) 1.4% (.EXE) Win16/32 Executable Delphi generic (2072/23)
File icon (PE):
dhash icon	b298acbab2ca7a72 (2'327 x GCleaner, 1'631 x Socks5Systemz, 67 x RedLineStealer)
Reporter	SecuriteInfoCom
Tags:	exe Socks5Systemz

Intelligence

File Origin

# of uploads :

# of downloads :

292

Origin country :

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/468091/

Detection(s):

SecuriteInfo.com.Trojan-Dropper.Win32.Agent.21224.4683.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Searching for the window

Creating a file in the %temp% subdirectories

Creating a window

Creating a process from a recently created file

Сreating synchronization primitives

Searching for synchronization primitives

Creating a file in the Program Files subdirectories

Moving a file to the Program Files subdirectory

Modifying a system file

Creating a file

Creating a service

Enabling autorun for a service

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

control installer lolbin masquerade overlay packed shell32

Link:

https://www.filescan.io/uploads/657deceab855eb3693dfcaba/reports/59b66353-e11d-4731-a9d4-b435498ae47b/overview

Verdict:

Suspicious

Labled as:

HEUR/AGEN.1332570

Link:

https://www.hybrid-analysis.com/sample/838e77f8eccdad19dbb7dbce3efaa028ca5279bcc6105918cdb2666b78b1bc80

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Suspicious

Link:

https://analyze.intezer.com/analyses/d2791247-c535-43a3-86cd-b5cf878f4bbd

Result

Threat name:

Petite Virus, Socks5Systemz

Detection:

malicious

Classification:

troj.evad

Score:

96 / 100

Link:

https://www.joesandbox.com/analysis/1363482

Signature

Antivirus / Scanner detection for submitted sample

Contains functionality to infect the boot sector

Detected unpacking (changes PE section rights)

Detected unpacking (overwrites its own PE header)

PE file has nameless sections

Snort IDS alert for network traffic

Yara detected Petite Virus

Yara detected Socks5Systemz

Behaviour

Behavior Graph:

Download SVG

Score:

89%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/838e77f8eccdad19dbb7dbce3efaa028ca5279bcc6105918cdb2666b78b1bc80

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/838e77f8eccdad19dbb7dbce3efaa028ca5279bcc6105918cdb2666b78b1bc80/

Threat name:

Win32.Trojan.Generic

Status:

Malicious

First seen:

2023-12-16 18:31:07 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

10 of 23 (43.48%)

Threat level:

2/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=qohhp6hmzwwrtw5x3phd56vafdffe6n4yyifsggnwjtgw6frxsaa._file

Verdict:

suspicious

Socks5Systemz

217df8cd01e5af2f457b03c2ebfb63ced5bacc707a6f6e724529bb2c6e45f2fd

Socks5Systemz

4c63b8f4645abecb4338b18559dc7842f53986eaf995cce1530ff6abf47a9931

Socks5Systemz

5c1da2ce38eeabe2446e5a2a307375d9347d1c8fad889a66e20557d56a462c08

Socks5Systemz

6a22fc2645b681fc5f5127f7f93841ca55cc43aaf981f6f0b0417e5cc6c576ef

Socks5Systemz

8a11bf8ffb84d5d1f36ef191d8c4e2720f9a203599cb494f4e426ecbc37c7c8b

Socks5Systemz

a386c4dc920a0710b5c76d13d517660e07a1ef4a693b91a87318e8e27e8b1566

Socks5Systemz

b34626190e49b22695c237a7579e0ed034a05ea8580e32519cfec26d387e9df2

Socks5Systemz

bf9d6e57e46938bd0258205bdc5ac050d12b5659e445484e7815f891fa38c469

Socks5Systemz

f7cfade013d7ba71d5e7824120610fd4e0519ba6ae88f3bdfc088fab73dab2c1

Socks5Systemz

+ 5'704 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

7/10

Tags:

discovery

Link:

https://tria.ge/reports/231216-w525faceeq/

Behaviour

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Drops file in Program Files directory

Checks installed software on the system

Executes dropped EXE

Loads dropped DLL

Unexpected DNS network traffic destination

Unpacked files

SH256 hash:

bfe1ab607dfba71517a995a31be6628c8673dc723660804fd30f374d3989359c

MD5 hash:

e82f019ab3c2e83c05abd197c7912003

SHA1 hash:

a705c9f56bc7d7d0c6591d23337d89fdbabce756

Link:

https://www.unpac.me/results/b4356a7a-2ffc-45d0-9b53-cc9c5668ae62/

SH256 hash:

6d62cad9e0c25b1ad0fe2cfb610b9ff62089f742abf03ff93501147e08b1ddd3

MD5 hash:

d6067a28ac4dad4afa63a10245cf9ea8

SHA1 hash:

68bc157ee8302e16af2873b284ed1a52778a7572

Detections:

INDICATOR_EXE_Packed_VMProtect

Link:

https://www.unpac.me/results/b4356a7a-2ffc-45d0-9b53-cc9c5668ae62/

Parent samples :

5c1da2ce38eeabe2446e5a2a307375d9347d1c8fad889a66e20557d56a462c08
8ebf7fcb9d444aa84cf533dcab54c97c6699248596c61ea911bc91b06a304611
838e77f8eccdad19dbb7dbce3efaa028ca5279bcc6105918cdb2666b78b1bc80

SH256 hash:

53cd0304d9f3b68e2321b674395001cd2cf73c497c6facd381660a69dc469c26

MD5 hash:

904eea39860f78491f77363ae26e3bfb

SHA1 hash:

f9398082bb8bc56e61d7c5b69a836e7a94753778

Link:

https://www.unpac.me/results/b4356a7a-2ffc-45d0-9b53-cc9c5668ae62/

SH256 hash:

ec5648ec58addfb0a418a711101718bbb9a973216d945881bdae5fdb3d96182c

MD5 hash:

b7e24f715718a4643875889233cd9982

SHA1 hash:

99ea389ac2b7713c6f6d6d17a945f5b08cb9f1bf

Link:

https://www.unpac.me/results/b4356a7a-2ffc-45d0-9b53-cc9c5668ae62/

SH256 hash:

27adebd1bc841aac16dfe734b43012466fc9d4db9700a9e6898ceabdcbb8f9cb

MD5 hash:

05916eb5dd0e57a008d05ad8d47f0a88

SHA1 hash:

00240054d88533255bdbe750f172c218e6d5ebf5

Link:

https://www.unpac.me/results/b4356a7a-2ffc-45d0-9b53-cc9c5668ae62/

SH256 hash:

838e77f8eccdad19dbb7dbce3efaa028ca5279bcc6105918cdb2666b78b1bc80

MD5 hash:

a1c3d4c34bdfb043a753bacd01d8cca8

SHA1 hash:

b4ba9ca8aaa4d90ac98a85a56c2ad6f33c56ca42

Link:

https://www.unpac.me/results/b4356a7a-2ffc-45d0-9b53-cc9c5668ae62/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/838e77f8eccdad19dbb7dbce3efaa028ca5279bcc6105918cdb2666b78b1bc80

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/468091/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample