MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9a8d4e81a4ec2637adc5a74746a9f1574d47850ee833edd5faefcf84edab239a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Socks5Systemz

Vendor detections: 10

Intelligence 10 IOCs YARA 1 File information Comments

SHA256 hash:	9a8d4e81a4ec2637adc5a74746a9f1574d47850ee833edd5faefcf84edab239a
SHA3-384 hash:	6840ec35e077f6090f2819bf7d844ab84b6b0769f3696cb7c0114302d0a313cf94bf4e0b81e8f874089b7dc2afde1b86
SHA1 hash:	220ac124aac264e5a97a97f082d36e66209b209f
MD5 hash:	bd68eb00f0eb01274f4ad7b09795390d
humanhash:	maine-september-illinois-october
File name:	SecuriteInfo.com.Trojan-Dropper.Win32.Agent.19452.15629
Download:	download sample
Signature	Socks5Systemz Create hunting rule
File size:	3'102'974 bytes
First seen:	2023-12-01 08:37:38 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	884310b1928934402ea6fec1dbd3cf5e (3'725 x GCleaner, 3'509 x Socks5Systemz, 262 x RaccoonStealer)
ssdeep	49152:N2V9j2tB8nFGjZqzfN9VporsIKpeN+sivVAvtgUeYqpMqK9b7Bz/sI:YV9KBi9grsIKcNBivVA1g4yMx7Vd
Threatray	3'369 similar samples on MalwareBazaar
TLSH	T1E4E5339212B3C436F891457248E8A44496D3FA214AB47D96250EC6CABB335D6F0EF37B
TrID	76.2% (.EXE) Inno Setup installer (107240/4/30) 10.0% (.EXE) Win32 Executable Delphi generic (14182/79/4) 4.6% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 3.2% (.EXE) Win32 Executable (generic) (4505/5/1) 1.4% (.EXE) Win16/32 Executable Delphi generic (2072/23)
File icon (PE):
dhash icon	b298acbab2ca7a72 (2'327 x GCleaner, 1'631 x Socks5Systemz, 67 x RedLineStealer)
Reporter	SecuriteInfoCom
Tags:	exe Socks5Systemz

Intelligence

File Origin

# of uploads :

# of downloads :

304

Origin country :

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/461650/

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a file in the %temp% subdirectories

Creating a window

Creating a process from a recently created file

Сreating synchronization primitives

Searching for the window

Creating a file

Moving a recently created file

Launching a process

Modifying a system file

Creating a service

Launching the process to interact with network services

Enabling autorun for a service

Gathering data

Verdict:

Malicious

Labled as:

Trojan/DownloadAssistant

Link:

https://www.hybrid-analysis.com/sample/9a8d4e81a4ec2637adc5a74746a9f1574d47850ee833edd5faefcf84edab239a

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/b8be20a4-d5ad-4803-b31e-3856c8a17105

Result

Threat name:

Socks5Systemz

Detection:

malicious

Classification:

troj.evad

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/1351222

Behaviour

Behavior Graph:

n/a

Score:

88%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/9a8d4e81a4ec2637adc5a74746a9f1574d47850ee833edd5faefcf84edab239a

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/9a8d4e81a4ec2637adc5a74746a9f1574d47850ee833edd5faefcf84edab239a/

Threat name:

Win32.Trojan.Generic

Status:

Malicious

First seen:

2023-12-01 08:38:07 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

11 of 23 (47.83%)

Threat level:

2/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=tkgu5ane5qtdplofu5dunkprk5gupbio5az63vp257hyj3nleona._file

Verdict:

malicious

Socks5Systemz

6aecf59a4bd4404aceb41ece723ffa886ed20e6efb7b7c0bb3515a1b46159c20

Socks5Systemz

da0acf2a88f1812cd5503d958a41370da1101a2f3f1f65adbfba5c5e90f145b1

Socks5Systemz

db6550015566be3756963680a04b46962384f708f7d10d4a8ab14dd6492097b5

Socks5Systemz

ee55f7c4993f9ee789f8d9549a45111843ccbddb4f5531f6dc7d356089de507d

Socks5Systemz

+ 3'359 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

7/10

Tags:

discovery

Link:

https://tria.ge/reports/231201-kjv88agd2y/

Behaviour

Runs net.exe

Suspicious use of WriteProcessMemory

Drops file in Program Files directory

Checks installed software on the system

Executes dropped EXE

Loads dropped DLL

Unexpected DNS network traffic destination

Unpacked files

SH256 hash:

d380580f5ee79d082f97c198ffc5185abefcc539a1e49f94ae208589605aaba1

MD5 hash:

dafe17c375dda7c95b571f98f65c645f

SHA1 hash:

8d11479eb7852c315fa38ffffe62f46bc914ea26

Link:

https://www.unpac.me/results/239562c8-e436-4c63-a204-e76ef7205c79/

SH256 hash:

85a4383bde0380cef48e33610e95aa036439305d8c446b2a714226caef6478d1

MD5 hash:

33295bbdc28a26f05a3ac65f629736fa

SHA1 hash:

84b4ba8dc2bc1e6d667306f4af5c8ef2815a58c2

Link:

https://www.unpac.me/results/239562c8-e436-4c63-a204-e76ef7205c79/

SH256 hash:

ce588376ea4fa4ce5476769134778d4c0316b27e81f4e8218de0e5d853b68438

MD5 hash:

a9b0b7d2fa0175d20261263d995ed9be

SHA1 hash:

772ecf544750ab81fa9e7a49e0c4ffcb6c50965c

Link:

https://www.unpac.me/results/239562c8-e436-4c63-a204-e76ef7205c79/

SH256 hash:

9f686940f5af9a5b4e73aeebfc7e6a84598adeac24e17042528ab22f34ed2edd

MD5 hash:

54e51697e47862cc7274c8e0886d7213

SHA1 hash:

beb3b9dd20e3fc4ce16b8f2d7662dff091c511e7

Link:

https://www.unpac.me/results/239562c8-e436-4c63-a204-e76ef7205c79/

SH256 hash:

753083de10b230da03c6e2bc4865bbefb9a9c94d8946699d3a6d903048f0ba94

MD5 hash:

fc245721f161c38115ecec21ef18971b

SHA1 hash:

0d7652a91c74b7861948293dfd80f1d7831a73fb

Link:

https://www.unpac.me/results/239562c8-e436-4c63-a204-e76ef7205c79/

SH256 hash:

9a8d4e81a4ec2637adc5a74746a9f1574d47850ee833edd5faefcf84edab239a

MD5 hash:

bd68eb00f0eb01274f4ad7b09795390d

SHA1 hash:

220ac124aac264e5a97a97f082d36e66209b209f

Link:

https://www.unpac.me/results/239562c8-e436-4c63-a204-e76ef7205c79/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/9a8d4e81a4ec2637adc5a74746a9f1574d47850ee833edd5faefcf84edab239a

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	shellcode Create hunting rule
Author:	nex
Description:	Matched shellcode byte patterns

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/461650/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample