MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a080de20aa321af83e8570c5bf58f3f3644b043d807a3acabed4e546eb49a6c2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Socks5Systemz


Vendor detections: 11


Intelligence 11 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a080de20aa321af83e8570c5bf58f3f3644b043d807a3acabed4e546eb49a6c2
SHA3-384 hash: 0372238c799c36fd8708f9c3edf73f87a2046242a524909a2e8db8299add2f7ba1270a4635d4344c7d9b05bd996e84c4
SHA1 hash: ed1a2a278c8f0fb555dac4a70c203777188eaad8
MD5 hash: 5166f546a52d33cf24a27e2c9e560bf3
humanhash: one-utah-burger-avocado
File name:SecuriteInfo.com.Trojan.Siggen22.47135.1689.9732
Download: download sample
Signature Socks5Systemz
Create hunting rule
File size:7'054'359 bytes
First seen:2023-12-21 21:19:00 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 884310b1928934402ea6fec1dbd3cf5e (3'725 x GCleaner, 3'507 x Socks5Systemz, 262 x RaccoonStealer)
ssdeep 98304:M4bl3vfxBteThymDliVPPcm/HeX6WtEcPzInANypjjfZNlR1KDUPdOU/TENGWUwH:fh7teThPZidcKj8fPz6+4jb1KswNdDJF
Threatray 3'743 similar samples on MalwareBazaar
TLSH T1AF663392876B9A39C13BACB94720C36B41CE7B6F54FD6A23F99D32F9103F245A101365
TrID 76.2% (.EXE) Inno Setup installer (107240/4/30)
10.0% (.EXE) Win32 Executable Delphi generic (14182/79/4)
4.6% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
3.2% (.EXE) Win32 Executable (generic) (4505/5/1)
1.4% (.EXE) Win16/32 Executable Delphi generic (2072/23)
File icon (PE):PE icon
dhash icon b298acbab2ca7a72 (2'327 x GCleaner, 1'631 x Socks5Systemz, 67 x RedLineStealer)
Reporter SecuriteInfoCom
Tags:exe Socks5Systemz

Intelligence

File Origin
# of uploads :
1
# of downloads :
318
Origin country :
FR FR
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
a080de20aa321af83e8570c5bf58f3f3644b043d807a3acabed4e546eb49a6c2.zip
Verdict:
No threats detected
Analysis date:
2023-12-21 21:22:02 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/2e21aebd-ea0c-4417-ba37-875344d35fde

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/468881/
Detection(s):
SecuriteInfo.com.Trojan.Siggen22.47135.1689.9732.UNOFFICIAL
Create hunting rule

Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
control installer lolbin masquerade overlay packed shell32
Link:
https://www.filescan.io/uploads/6584abc8b855eb3693ec1997/reports/923d466e-8333-40dd-8db7-caf4131e033e/overview
Verdict:
Malicious
Labled as:
Agent.GCOX
Link:
https://www.hybrid-analysis.com/sample/a080de20aa321af83e8570c5bf58f3f3644b043d807a3acabed4e546eb49a6c2
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/26f6d1e6-c54b-4750-aab1-973d95a9a04a
Result
Threat name:
Petite Virus, Socks5Systemz
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1365851
Signature
Antivirus / Scanner detection for submitted sample
Contains functionality to infect the boot sector
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found API chain indicative of debugger detection
PE file has nameless sections
Snort IDS alert for network traffic
Yara detected Petite Virus
Yara detected Socks5Systemz
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1365851 Sample: SecuriteInfo.com.Trojan.Sig... Startdate: 21/12/2023 Architecture: WINDOWS Score: 100 46 Snort IDS alert for network traffic 2->46 48 Antivirus / Scanner detection for submitted sample 2->48 50 Detected unpacking (changes PE section rights) 2->50 52 6 other signatures 2->52 8 SecuriteInfo.com.Trojan.Siggen22.47135.1689.9732.exe 2 2->8         started        11 svchost.exe 3 14 2->11         started        process3 file4 32 SecuriteInfo.com.T...47135.1689.9732.tmp, PE32 8->32 dropped 13 SecuriteInfo.com.Trojan.Siggen22.47135.1689.9732.tmp 17 71 8->13         started        16 WerFault.exe 2 11->16         started        18 WerFault.exe 2 11->18         started        process5 file6 34 C:\Program Files (x86)\...\rbuttontray.exe, PE32 13->34 dropped 36 C:\Program Files (x86)\...\is-JF9E9.tmp, PE32 13->36 dropped 38 C:\Program Files (x86)\...\is-AKTC5.tmp, PE32 13->38 dropped 40 99 other files (none is malicious) 13->40 dropped 20 rbuttontray.exe 1 15 13->20         started        23 rbuttontray.exe 1 2 13->23         started        process7 dnsIp8 42 dldvdyb.info 185.196.8.22, 49738, 49740, 49742 SIMPLECARRER2IT Switzerland 20->42 44 95.216.227.177, 2023, 49739, 49741 HETZNER-ASDE Germany 20->44 30 C:\ProgramData\PDiskSnap76\PDiskSnap76.exe, PE32 23->30 dropped 26 WerFault.exe 21 16 23->26         started        28 WerFault.exe 16 23->28         started        file9 process10
Score:
96%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/a080de20aa321af83e8570c5bf58f3f3644b043d807a3acabed4e546eb49a6c2
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a080de20aa321af83e8570c5bf58f3f3644b043d807a3acabed4e546eb49a6c2/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Malicious
First seen:
2023-12-21 21:20:06 UTC
File Type:
PE (Exe)
Extracted files:
5
AV detection:
4 of 37 (10.81%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ucan4ifkginpqpufodc36wht6nsewbb5qb5dvsv62tsun22ju3ba._file
Verdict:
malicious
Similar samples:
2d99fc04c07bcbb87ce1924199570c3a141183389adc60cd2b30571ab8122e16
Socks5Systemz
47faba85acbea0576e7006d53edc27352a95afb100fa60234e57b41d4a3d5cd7
Socks5Systemz
af72d998606947486a87fd2c1dd93afa42154511ee5c4b220d3f1aa07426cd91
Socks5Systemz
b4ecc5343955cdb23df3e6b83aced689ba863446522a70846db453e5ba0e89f8
Socks5Systemz
b68a7b8dd9c38abd30e56aa95f2ab80519b9d5fdbff1a726ed231891f04edae5
Socks5Systemz
c3d49b625f72eb6ce52ddbcfa28ddea1b0cbda77dab0df8cc13bd05a05414a49
Socks5Systemz
ea5d47d8d7fd5fc8268d7b65905c97b6e90d1be33af2be882cc744ad5740912c
Socks5Systemz
f95e2ed824d17844bbe1277cf764fbc769bcccd8d38cda03ca30f4c7b98eedbd
Socks5Systemz
+ 3'733 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
discovery
Link:
https://tria.ge/reports/231221-z56dmsfchr/
Behaviour
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Program crash
Drops file in Program Files directory
Checks installed software on the system
Executes dropped EXE
Loads dropped DLL
Unexpected DNS network traffic destination
Unpacked files
SH256 hash:
ee1a3c1100dec8fd23709a7245944c8b65841810b37e2d90de9c3f45c0ac68cb
MD5 hash:
2dd87dbeca4a27b80fcf71e09fb953b7
SHA1 hash:
0183fccc631fd0ad12d1e711924c99d18a205b88
Detections:
INDICATOR_EXE_Packed_VMProtect
Create hunting rule
Link:
https://www.unpac.me/results/b7b03e81-c9e4-41a4-8683-8a548b537d9c/
Parent samples :
f95e2ed824d17844bbe1277cf764fbc769bcccd8d38cda03ca30f4c7b98eedbd
f191ecdd2e5bfa3159591ed10b4b88437f56fbc917d817489372b7dd634b991b
2d99fc04c07bcbb87ce1924199570c3a141183389adc60cd2b30571ab8122e16
b4ecc5343955cdb23df3e6b83aced689ba863446522a70846db453e5ba0e89f8
b68a7b8dd9c38abd30e56aa95f2ab80519b9d5fdbff1a726ed231891f04edae5
8e8433d03b7a1a6c5bcd623ffb4a55014516e6afe0ee1974a9ab42da56326003
d7c0c7650124d5fc3ceb01652ae9b3f54898797bdb77733333b80be530f44814
47faba85acbea0576e7006d53edc27352a95afb100fa60234e57b41d4a3d5cd7
00ba60c535b204b6a18ebe2a27905d9ded150725d4a6a374ee8c4065d677a3e9
c3d49b625f72eb6ce52ddbcfa28ddea1b0cbda77dab0df8cc13bd05a05414a49
ea5d47d8d7fd5fc8268d7b65905c97b6e90d1be33af2be882cc744ad5740912c
af72d998606947486a87fd2c1dd93afa42154511ee5c4b220d3f1aa07426cd91
a080de20aa321af83e8570c5bf58f3f3644b043d807a3acabed4e546eb49a6c2
SH256 hash:
277d6cbc332f396b5940879862fd431030d5591a24bf62810f87afff7c934cc8
MD5 hash:
26647864fea783972ad57d30cc696bf7
SHA1 hash:
caf06d46b794ebad099d5c4ff944491c4cf8bf0c
Link:
https://www.unpac.me/results/b7b03e81-c9e4-41a4-8683-8a548b537d9c/
SH256 hash:
ccaadc546ac056ed534d6726e9d6a52e365188305f7dbf1fac252b4cdb52f449
MD5 hash:
34a328f54011097ce6f2004253161aa0
SHA1 hash:
a42f4f4d167f8c905d1580078f5d8189f9240604
Link:
https://www.unpac.me/results/b7b03e81-c9e4-41a4-8683-8a548b537d9c/
SH256 hash:
a947e255b54a5bc9d7d8eea5cfb6628d847693dd07e82af95d491ea8e80e8bd7
MD5 hash:
7171a652e4e9244b2e045f0e4df288a2
SHA1 hash:
239774da0fd13b39f2ef19289d6f9be3d23a0e04
Link:
https://www.unpac.me/results/b7b03e81-c9e4-41a4-8683-8a548b537d9c/
SH256 hash:
a080de20aa321af83e8570c5bf58f3f3644b043d807a3acabed4e546eb49a6c2
MD5 hash:
5166f546a52d33cf24a27e2c9e560bf3
SHA1 hash:
ed1a2a278c8f0fb555dac4a70c203777188eaad8
Link:
https://www.unpac.me/results/b7b03e81-c9e4-41a4-8683-8a548b537d9c/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/a080de20aa321af83e8570c5bf58f3f3644b043d807a3acabed4e546eb49a6c2

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/468881/

Comments