MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 af72d998606947486a87fd2c1dd93afa42154511ee5c4b220d3f1aa07426cd91. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Socks5Systemz

Vendor detections: 11

Intelligence 11 IOCs YARA File information Comments

SHA256 hash:	af72d998606947486a87fd2c1dd93afa42154511ee5c4b220d3f1aa07426cd91
SHA3-384 hash:	540096dba9c44da5b4fb09872d8b1787a14204d092ddd7ee86942db6ebcea97c413e50a66aec79dd54afef55bce50ce3
SHA1 hash:	46e482af730bf11389b1b238a64928dbeef6bb52
MD5 hash:	690962806ae360fdc04b19da152154e6
humanhash:	nevada-east-table-massachusetts
File name:	SecuriteInfo.com.Other.Malware-gen.15.32366
Download:	download sample
Signature	Socks5Systemz Create hunting rule
File size:	7'054'359 bytes
First seen:	2023-12-21 19:19:14 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	884310b1928934402ea6fec1dbd3cf5e (3'725 x GCleaner, 3'452 x Socks5Systemz, 262 x RaccoonStealer)
ssdeep	98304:+4bl3vfxBteThymDliVPPcm/HeX6WtEcPzInANypjjfZNlR1KDUPdOU/TENGWUwH:Rh7teThPZidcKj8fPz6+4jb1KswNdDJF
Threatray	3'732 similar samples on MalwareBazaar
TLSH	T1CC663392876B9A39C13BACB94720C36B41CE7B6F54FD6A23F99D32F9103F245A101365
TrID	76.2% (.EXE) Inno Setup installer (107240/4/30) 10.0% (.EXE) Win32 Executable Delphi generic (14182/79/4) 4.6% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 3.2% (.EXE) Win32 Executable (generic) (4505/5/1) 1.4% (.EXE) Win16/32 Executable Delphi generic (2072/23)
File icon (PE):
dhash icon	b298acbab2ca7a72 (2'327 x GCleaner, 1'631 x Socks5Systemz, 67 x RedLineStealer)
Reporter	SecuriteInfoCom
Tags:	exe Socks5Systemz

Intelligence

File Origin

# of uploads :

# of downloads :

288

Origin country :

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/468863/

Detection(s):

SecuriteInfo.com.Other.Malware-gen.15.32366.UNOFFICIAL

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

control installer lolbin overlay packed shell32

Link:

https://www.filescan.io/uploads/65848fe6ffafd83ebc97422a/reports/a4c6a53a-18fb-42c2-931c-629936694cd9/overview

Verdict:

Malicious

Labled as:

Agent.GCOX

Link:

https://www.hybrid-analysis.com/sample/af72d998606947486a87fd2c1dd93afa42154511ee5c4b220d3f1aa07426cd91

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Suspicious

Link:

https://analyze.intezer.com/analyses/7ef8107d-d336-4ec6-bf15-efc73e97aca5

Score:

96%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/af72d998606947486a87fd2c1dd93afa42154511ee5c4b220d3f1aa07426cd91

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/af72d998606947486a87fd2c1dd93afa42154511ee5c4b220d3f1aa07426cd91/

Threat name:

Win32.Trojan.Generic

Status:

Malicious

First seen:

2023-12-21 19:20:07 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

4 of 37 (10.81%)

Threat level:

2/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=v5zntgdanfduq2uh7uwb3wj27jbbkrir5zoewiqnh4nka5bgzwiq._file

Verdict:

malicious

Socks5Systemz

47faba85acbea0576e7006d53edc27352a95afb100fa60234e57b41d4a3d5cd7

Socks5Systemz

b4ecc5343955cdb23df3e6b83aced689ba863446522a70846db453e5ba0e89f8

Socks5Systemz

b68a7b8dd9c38abd30e56aa95f2ab80519b9d5fdbff1a726ed231891f04edae5

Socks5Systemz

c3d49b625f72eb6ce52ddbcfa28ddea1b0cbda77dab0df8cc13bd05a05414a49

Socks5Systemz

ea5d47d8d7fd5fc8268d7b65905c97b6e90d1be33af2be882cc744ad5740912c

Socks5Systemz

f95e2ed824d17844bbe1277cf764fbc769bcccd8d38cda03ca30f4c7b98eedbd

Socks5Systemz

+ 3'722 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

7/10

Tags:

discovery

Link:

https://tria.ge/reports/231221-x13qvabfdl/

Behaviour

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Program crash

Drops file in Program Files directory

Checks installed software on the system

Executes dropped EXE

Loads dropped DLL

Unexpected DNS network traffic destination

Unpacked files

SH256 hash:

ee1a3c1100dec8fd23709a7245944c8b65841810b37e2d90de9c3f45c0ac68cb

MD5 hash:

2dd87dbeca4a27b80fcf71e09fb953b7

SHA1 hash:

0183fccc631fd0ad12d1e711924c99d18a205b88

Detections:

INDICATOR_EXE_Packed_VMProtect

Link:

https://www.unpac.me/results/3d812925-1077-44c3-bbfd-0c4e7492ea3c/

Parent samples :

f95e2ed824d17844bbe1277cf764fbc769bcccd8d38cda03ca30f4c7b98eedbd
f191ecdd2e5bfa3159591ed10b4b88437f56fbc917d817489372b7dd634b991b
2d99fc04c07bcbb87ce1924199570c3a141183389adc60cd2b30571ab8122e16
b4ecc5343955cdb23df3e6b83aced689ba863446522a70846db453e5ba0e89f8
b68a7b8dd9c38abd30e56aa95f2ab80519b9d5fdbff1a726ed231891f04edae5
8e8433d03b7a1a6c5bcd623ffb4a55014516e6afe0ee1974a9ab42da56326003
d7c0c7650124d5fc3ceb01652ae9b3f54898797bdb77733333b80be530f44814
47faba85acbea0576e7006d53edc27352a95afb100fa60234e57b41d4a3d5cd7
00ba60c535b204b6a18ebe2a27905d9ded150725d4a6a374ee8c4065d677a3e9
c3d49b625f72eb6ce52ddbcfa28ddea1b0cbda77dab0df8cc13bd05a05414a49
ea5d47d8d7fd5fc8268d7b65905c97b6e90d1be33af2be882cc744ad5740912c
af72d998606947486a87fd2c1dd93afa42154511ee5c4b220d3f1aa07426cd91
a080de20aa321af83e8570c5bf58f3f3644b043d807a3acabed4e546eb49a6c2

SH256 hash:

ecc33439d1f4fc881c22505325d1a2d81d99cb83b3ba6e62beb6ea272a23aebf

MD5 hash:

eaf58a576d6abdccc3cf19d9e6bd3945

SHA1 hash:

ca7e10cb1e0a9c275484c2e71f00eb9ffad7e48a

Link:

https://www.unpac.me/results/3d812925-1077-44c3-bbfd-0c4e7492ea3c/

SH256 hash:

444c9128114c59e174dec3a243760f73843021b91cfab7959d71ee03b569c63c

MD5 hash:

c3f876aa5806a3e6815dc841a792f5bd

SHA1 hash:

83e3fdff1e387991c69d69d4cc6f53182d52131b

Link:

https://www.unpac.me/results/3d812925-1077-44c3-bbfd-0c4e7492ea3c/

SH256 hash:

af72d998606947486a87fd2c1dd93afa42154511ee5c4b220d3f1aa07426cd91

MD5 hash:

690962806ae360fdc04b19da152154e6

SHA1 hash:

46e482af730bf11389b1b238a64928dbeef6bb52

Link:

https://www.unpac.me/results/3d812925-1077-44c3-bbfd-0c4e7492ea3c/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/af72d998606947486a87fd2c1dd93afa42154511ee5c4b220d3f1aa07426cd91

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/468863/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample

MalwareBazaar Database

Database Entry

Intelligence

File Origin

Vendor Threat Intelligence

Result

Details

Result

Signature

Behaviour

Result

Behaviour

Unpacked files

File information

Comments

Login required