MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 acec330775d1b7479de1f6a6f2fad308bf213ee146461b906ab78827f3a372ef. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Socks5Systemz

Vendor detections: 12

Intelligence 12 IOCs YARA File information Comments 1

SHA256 hash:	acec330775d1b7479de1f6a6f2fad308bf213ee146461b906ab78827f3a372ef
SHA3-384 hash:	721c9a1791587fa286eb92f4500a8fc4be6dd6ba71050b04765546f12b7a834fd183dd12db0ee9910bc5c074a9bc8c06
SHA1 hash:	2e0be6938f73bead0f37f48a9579b62c7c20fd10
MD5 hash:	74e8e5b227607168b75acfce53c53f76
humanhash:	cardinal-zulu-skylark-salami
File name:	74e8e5b227607168b75acfce53c53f76
Download:	download sample
Signature	Socks5Systemz Create hunting rule
File size:	7'440'893 bytes
First seen:	2023-12-15 18:16:19 UTC
Last seen:	2023-12-15 20:17:48 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	884310b1928934402ea6fec1dbd3cf5e (3'725 x GCleaner, 3'507 x Socks5Systemz, 262 x RaccoonStealer)
ssdeep	196608:D2gEIwIyDXaJakqYo+40WIK6ULr0kaAxALe/zj:/EbhuJaGg0M6wrMAyLezj
Threatray	7'351 similar samples on MalwareBazaar
TLSH	T18F7633D2DE748868F13B5F701A30F8B59A4EBC2D636B4746378E57094F0D92E898E319
TrID	76.2% (.EXE) Inno Setup installer (107240/4/30) 10.0% (.EXE) Win32 Executable Delphi generic (14182/79/4) 4.6% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 3.2% (.EXE) Win32 Executable (generic) (4505/5/1) 1.4% (.EXE) Win16/32 Executable Delphi generic (2072/23)
File icon (PE):
dhash icon	fc66d8c8ead8b0b4 (212 x Socks5Systemz)
Reporter	zbetcheckin
Tags:	32 exe Socks5Systemz

Intelligence

File Origin

# of uploads :

# of downloads :

256

Origin country :

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/467670/

Detection(s):

SecuriteInfo.com.Trojan.Siggen22.37888.22252.21972.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a file in the %temp% subdirectories

Creating a window

Creating a process from a recently created file

Сreating synchronization primitives

Searching for the window

Searching for synchronization primitives

Creating a file in the Program Files subdirectories

Moving a file to the Program Files subdirectory

Launching a process

Modifying a system file

Creating a file

Creating a service

Launching the process to interact with network services

Sending a custom TCP request

Enabling autorun for a service

Gathering data

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

control installer lolbin overlay packed shell32

Link:

https://www.filescan.io/uploads/657c981fd48681e0d661d4d3/reports/13705569-708b-40b2-9f68-1c269b0b7e42/overview

Verdict:

Malicious

Labled as:

Win/malicious_confidence_60%

Link:

https://www.hybrid-analysis.com/sample/acec330775d1b7479de1f6a6f2fad308bf213ee146461b906ab78827f3a372ef

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Suspicious

Link:

https://analyze.intezer.com/analyses/74ca322b-040b-438e-b678-9d94cf77ccea

Score:

90%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/acec330775d1b7479de1f6a6f2fad308bf213ee146461b906ab78827f3a372ef

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/acec330775d1b7479de1f6a6f2fad308bf213ee146461b906ab78827f3a372ef/

Threat name:

Win32.Trojan.Generic

Status:

Malicious

First seen:

2023-12-15 18:17:06 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

7 of 37 (18.92%)

Threat level:

2/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=vtwdgb3v2g3uphpb62tpf6wtbc7scpxbizdbxedkw6ecp45dolxq._file

Verdict:

malicious

Socks5Systemz

09f58d1d441dadc8b93982f62b66657487ea60aef468609326a15fd0d9b33c45

Socks5Systemz

13054411201b9158073642396f92d1cc9ec35e6a7895aef500a46454d6768e1f

Socks5Systemz

2eacc6c81c9f25c845c68d34813909cc7de26fe3d1292976cac7a44e7586245f

Socks5Systemz

3998b0a633a86769bce8407061fd3befe448f9f3e4f5cfa19188146debb23fac

Socks5Systemz

43dd3a661a9f602eb9ef7e3fa17b42595e0a553c527b79a6da11b48190966926

Socks5Systemz

64f5599d2ca565072b3943f655c7a23654557c8ccbc5fe186ec6ff3d13e7338d

Socks5Systemz

6b9d48d1666f6677ec5d0d7c692e3a2a4f5b91b0da456902c9eed4aa2ce6a002

Socks5Systemz

7c5dce3c966132533dbc71ac949be7e5750733d52a62d008cdcde90d4a8f6dec

Socks5Systemz

+ 7'341 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

7/10

Tags:

discovery

Link:

https://tria.ge/reports/231215-wxkv7ageem/

Behaviour

Runs net.exe

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Drops file in Program Files directory

Checks installed software on the system

Executes dropped EXE

Loads dropped DLL

Unexpected DNS network traffic destination

Unpacked files

SH256 hash:

19851b5bef9efb7c499eee5abfc671723bce2bc56152e7c9326739c580798cf4

MD5 hash:

9cd6024cde7c4d65b804d6989b5a126b

SHA1 hash:

63f775171c70609942ce999c54b7f040da377818

Detections:

INDICATOR_EXE_Packed_VMProtect

Link:

https://www.unpac.me/results/30904b01-368a-4cfd-8e21-24c70c8dbf7b/

Parent samples :

09f58d1d441dadc8b93982f62b66657487ea60aef468609326a15fd0d9b33c45
64f5599d2ca565072b3943f655c7a23654557c8ccbc5fe186ec6ff3d13e7338d
43dd3a661a9f602eb9ef7e3fa17b42595e0a553c527b79a6da11b48190966926
3998b0a633a86769bce8407061fd3befe448f9f3e4f5cfa19188146debb23fac
b11c8b9cdd96fd30e5de3a69ccde8edafe13438c0fceda7e392b5cdde5ba7daa
13054411201b9158073642396f92d1cc9ec35e6a7895aef500a46454d6768e1f
2eacc6c81c9f25c845c68d34813909cc7de26fe3d1292976cac7a44e7586245f
04cbe05091761151102b9cffcaf6a1c91e4b4431f521e03dc1c2304a820e04db
57b0e80cb3cfb0214034959e53f1c7ab6c9312394573024276c95811cdaeb278
7c5dce3c966132533dbc71ac949be7e5750733d52a62d008cdcde90d4a8f6dec
acec330775d1b7479de1f6a6f2fad308bf213ee146461b906ab78827f3a372ef
d19fd1f315f4550faceb971526682922c73287e1b7e5bd2e76334390290dc02a
9f946835520f2eb712787c74581a25851375395b5cf6809335fd990d224743e0
87d8fbdd2a9a937527613e5f62ce5eff9a926a1104127ecc2ac3806a7fe93b19
836bfd331f9becf071f69796ec1ccf01eadf2874f2459783b209d31c8628bccd
5625cf870b0150d5978ac206682189f0c1f51965d4aa5e0eebc68972c07754ab
05fa357e6559b3b80dd3659baf45d42fbace5782ce6cdc58538eb766571f7567
c3e5232d718d67fc44801898ab3b4040f06987f503be28e2e1255072a978b375
dd1d75a550c07fce20c852d0298ea131fd45f6bf6835c785588a8ef10a45f6e5
fe310dd89c4db6f130d0f4c72a3da2ef3299195302deea3fa6b71ad10517d1aa
ab1f2af009b409fe6d0e3b502c914ac35632df649f0ffbf21c18b280b060743e
1fa7b6e65f92a710e3871222472b79ae41042a3298a44345b62ecacf1ff8f458
67a19b16519f6c0818546f706781c0f586c79df5171fa5df97ea1b212829b43b
1f26d5fbb26b6276727d3fffb91bac7eff283634ef889125234cf1929cbd9c71
326546470a0b59e2715ac56154717195307ed202129b01d1cf3c018f2f7945bc
ac59e65ec92931e511ebab7791b27a7e931a1779eeccc3375c17437c03b9453a
d8cd770ca38c3cdfbcc9d0807c1fedd00f08cec54e6b6f40e90d0b94a7fc28be
b9d93592dbf88f14761154701a50c763c64206d3f79449b3976a2db7c6362ec8
9083f18e2c75537abb36189fc056199b808adf58ebefbd6f91cb5f58b44ceb7d
7f6dfa460b311fddb312707b38c5e99324a033bb6c71a0b1383e5b3dbda6d7a6
0bf4d2ac1712d13b5c0f63072b6f5d4e624417b7f121a27c56397853d46eb007
d3f133acb1eda46d7aba9cc0036b8a3b96398688a1d56c5308b129ad297c6cf9
91e79de46ed98d5f26afe533b2ea43d019a88d98c701b2e9c82d2b19455e7a52
257d04da95c47475dd926281584b2ef4bc56f8fb3331287bc6cfea3f1b1341ad
f6538739b978572621cea81af29f7d5787d3c8e174646e18455c28b37a001e5d
811757b5704cea023793ba821ccd33a9ba82a6512706b54b65185c52015d6970
23346468a7edb68bdb3ffca1d836c3e3d93c1149cff3134bbfceb3c24ef85f4c
3256cc6027be123e5c1c1e0e87c80f85f78c7d188482758d0efcf01ac6825638

SH256 hash:

50e9def7c87bf5740b85c9fa6f7e24de9dd69043ac12f61c17f6ace40fbd3643

MD5 hash:

f62af25e8dd1c03d2b9203a17c7a5ed6

SHA1 hash:

671a7f3a460bc8b787240f15e5a37a26e0c36522

Link:

https://www.unpac.me/results/30904b01-368a-4cfd-8e21-24c70c8dbf7b/

SH256 hash:

d4f52b7d966c476dee40c677a9d9f224e55c592ee287660cd292e91eccd11848

MD5 hash:

9824254bb5cd741b93eec8e623580685

SHA1 hash:

0de975cd3955849f4c668eed5bb5f8b45f940d36

Link:

https://www.unpac.me/results/30904b01-368a-4cfd-8e21-24c70c8dbf7b/

SH256 hash:

acec330775d1b7479de1f6a6f2fad308bf213ee146461b906ab78827f3a372ef

MD5 hash:

74e8e5b227607168b75acfce53c53f76

SHA1 hash:

2e0be6938f73bead0f37f48a9579b62c7c20fd10

Link:

https://www.unpac.me/results/30904b01-368a-4cfd-8e21-24c70c8dbf7b/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/acec330775d1b7479de1f6a6f2fad308bf213ee146461b906ab78827f3a372ef

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Socks5Systemz

exe acec330775d1b7479de1f6a6f2fad308bf213ee146461b906ab78827f3a372ef

(this sample)

Delivery method

Distributed via web download

Cape

https://www.capesandbox.com/analysis/467670/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

zbet commented on 2023-12-15 18:16:20 UTC

url : hxxps://stoon.hitsturbo.com/order/tuc4.exe

MalwareBazaar Database

Database Entry

Intelligence

File Origin

Vendor Threat Intelligence

Result

Behaviour

Result

Details

Result

Signature

Behaviour

Result

Behaviour

Unpacked files

File information

Comments

Login required