MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 9dd0d2bfb00da2ef8e4a59eba2916cb3208a352f667e7d550a2ba5d5434c4704. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Socks5Systemz
Vendor detections: 14
| SHA256 hash: | 9dd0d2bfb00da2ef8e4a59eba2916cb3208a352f667e7d550a2ba5d5434c4704 |
|---|---|
| SHA3-384 hash: | 5f62b413105108ac525345b1481a0c3da9f934713af57eb9b2c665706ad6a27ccf7f6bf365189209cdc4728bd8537f4e |
| SHA1 hash: | ad15ba77adcac76068169928cfcaed0e6a240274 |
| MD5 hash: | d7c03b4c1d8aa7d0877d39a3f78a2287 |
| humanhash: | spaghetti-nevada-magnesium-butter |
| File name: | d7c03b4c1d8aa7d0877d39a3f78a2287 |
| Download: | download sample |
| Signature | Socks5Systemz |
| File size: | 4'913'746 bytes |
| First seen: | 2023-12-30 17:05:13 UTC |
| Last seen: | 2023-12-30 20:21:00 UTC |
| File type: |  exe |
| MIME type: | application/x-dosexec |
| imphash | 884310b1928934402ea6fec1dbd3cf5e (3'725 x GCleaner, 3'463 x Socks5Systemz, 262 x RaccoonStealer) |
| ssdeep | 98304:QIxLo8RFyYCTihNgBFyMb+WVEIk9YDdyax9eW7ofMrBtmF+Vi/qeae4dm8:zxLv3vhNMyq+AzyaxXofWswVk9ae4dD |
| Threatray | 92 similar samples on MalwareBazaar |
| TLSH | T16D363348E7D4CC7CE4CAA6B5BE5B0827467B3E488D35F1BC62AD5D4EA6272005D0B3E1 |
| TrID | 76.2% (.EXE) Inno Setup installer (107240/4/30) 10.0% (.EXE) Win32 Executable Delphi generic (14182/79/4) 4.6% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 3.2% (.EXE) Win32 Executable (generic) (4505/5/1) 1.4% (.EXE) Win16/32 Executable Delphi generic (2072/23) |
| File icon (PE): |  |
| dhash icon | b298acbab2ca7a72 (2'327 x GCleaner, 1'631 x Socks5Systemz, 67 x RedLineStealer) |
| Reporter |  zbetcheckin |
| Tags: | 32 exe Socks5Systemz |
Intelligence
File Origin
# of uploads :
2
# of downloads :
463
Origin country :
FRVendor Threat Intelligence
Malware family:
kelihos
ID:
1
File name:
bomb.zip
Verdict:
Malicious activity
Analysis date:
2023-12-30 16:52:42 UTC
Tags:
opendir kelihos trojan loader payload stealer stealc netsupport unwanted purplefox backdoor amadey botnet phorpiex dupzom vidar redline phishing lumma redosdru risepro guloader evasion nitol servstart agenttesla
Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection(s):
Result
Verdict:
Malware
Maliciousness:
Behaviour
Searching for the window
Creating a file in the %temp% subdirectories
Creating a window
Creating a process from a recently created file
Сreating synchronization primitives
Searching for synchronization primitives
Creating a file in the Program Files subdirectories
Moving a file to the Program Files subdirectory
Modifying a system file
Creating a file
Creating a service
Enabling autorun for a service
Verdict:
Malicious
Threat level:
10/10
Confidence:
100%
Tags:
control installer lolbin overlay packed shell32
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Argotronic GmbH
Verdict:
Suspicious
Result
Threat name:
Petite Virus, Socks5Systemz
Detection:
malicious
Classification:
troj.evad
Score:
100 / 100
Signature
Antivirus / Scanner detection for submitted sample
Contains functionality to infect the boot sector
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Multi AV Scanner detection for submitted file
PE file has nameless sections
Snort IDS alert for network traffic
Yara detected Petite Virus
Yara detected Socks5Systemz
Behaviour
Behavior Graph:
Score:
24%
Verdict:
Benign
File Type:
PE
Threat name:
Win32.Trojan.Generic
Status:
Malicious
First seen:
2023-12-30 17:06:12 UTC
File Type:
PE (Exe)
Extracted files:
5
AV detection:
12 of 23 (52.17%)
Threat level:
2/5
Detection(s):
Suspicious file
Verdict:
malicious
Similar samples:
+ 82 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
7/10
Tags:
discovery
Behaviour
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Drops file in Program Files directory
Checks installed software on the system
Executes dropped EXE
Loads dropped DLL
Unexpected DNS network traffic destination
Unpacked files
SH256 hash:
c36cef9d3c9bf51f4b4608d1185baebd893b9b613139613129e20460b4233569
MD5 hash:
e5df3c839cf2c7197c71df4c32f2c5b5
SHA1 hash:
2369194cfa9d738bd4b1fdd78f3b70bbf3f53748
Detections:
INDICATOR_EXE_Packed_VMProtect
SH256 hash:
2bfe410b19c836083c8b8f5cf184e47761d661694879d00e159e58a8c5f3e8c8
MD5 hash:
3bdb6834d3031a6c402c6a6967a19206
SHA1 hash:
1feef2d6e22e9e1cfd37f2f4184b6c074e0add14
SH256 hash:
f633fdcfea8affcc250659335936b001aaba0b72a98427a27cd77bb731454c33
MD5 hash:
026ffbdc1554646fadbe025838aa9c33
SHA1 hash:
c092800baf2ebb99afd7a20ae8834d24ac390ef2
SH256 hash:
74c7ef0d21748df5aa4be5f4479136cdd8d722a71114587edf1e041b3d8ccefe
MD5 hash:
ab79ef68155e5bde1f434e1311f3ff74
SHA1 hash:
843d5f1f1a751256f505f7a63090ddbeebd45192
SH256 hash:
9dd0d2bfb00da2ef8e4a59eba2916cb3208a352f667e7d550a2ba5d5434c4704
MD5 hash:
d7c03b4c1d8aa7d0877d39a3f78a2287
SHA1 hash:
ad15ba77adcac76068169928cfcaed0e6a240274
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Web download
Delivery method
Distributed via web download
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.url : hxxps://loop.topteamlife.com/order/tuc6.exe