MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b11de30bf78d392a2a80e04628c08041452c0b5784394f0da4b43311d627e93f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Socks5Systemz

Vendor detections: 11

Intelligence 11 IOCs YARA File information Comments 1

SHA256 hash:	b11de30bf78d392a2a80e04628c08041452c0b5784394f0da4b43311d627e93f
SHA3-384 hash:	e61e677b99e82790279e4ac4c27c16ae81dd86c6f1ad32fb6f56f6b87757223c2774f0711b492cf22349741fa41bee30
SHA1 hash:	de54d14300ee9c4c9c530220a79ad1d9449c7522
MD5 hash:	ba1a9da5e097b4a253ae7003eda4ffae
humanhash:	crazy-charlie-skylark-beryllium
File name:	ba1a9da5e097b4a253ae7003eda4ffae
Download:	download sample
Signature	Socks5Systemz Create hunting rule
File size:	7'428'190 bytes
First seen:	2023-12-15 17:37:18 UTC
Last seen:	2023-12-15 19:21:04 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	884310b1928934402ea6fec1dbd3cf5e (3'725 x GCleaner, 3'463 x Socks5Systemz, 262 x RaccoonStealer)
ssdeep	196608:wPJ0MO97Xp3xrRIV1qnO9So3O436dEHtvR6Q64hn8f59zj:iUlzySwSo3OUsx19zj
Threatray	4'376 similar samples on MalwareBazaar
TLSH	T10976338298904DBAE525A7F93F10F0F208677CC620AAC096395E74497F36DA9C31DF5E
TrID	76.2% (.EXE) Inno Setup installer (107240/4/30) 10.0% (.EXE) Win32 Executable Delphi generic (14182/79/4) 4.6% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 3.2% (.EXE) Win32 Executable (generic) (4505/5/1) 1.4% (.EXE) Win16/32 Executable Delphi generic (2072/23)
File icon (PE):
dhash icon	fc66d8c8ead8b0b4 (212 x Socks5Systemz)
Reporter	zbetcheckin
Tags:	32 exe

Intelligence

File Origin

# of uploads :

# of downloads :

260

Origin country :

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/467642/

Detection(s):

SecuriteInfo.com.Win32.Evo-gen.14743.4312.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a file in the %temp% subdirectories

Creating a window

Creating a process from a recently created file

Сreating synchronization primitives

Searching for the window

Searching for synchronization primitives

Creating a file in the Program Files subdirectories

Moving a file to the Program Files subdirectory

Launching a process

Modifying a system file

Creating a file

Creating a service

Launching the process to interact with network services

Enabling autorun for a service

Gathering data

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

control installer lolbin overlay packed shell32

Link:

https://www.filescan.io/uploads/657c8efc7d4bdb7f8bf4ae22/reports/13c6592f-bcfe-442c-bf37-6cdfdcf91107/overview

Verdict:

Malicious

Labled as:

Win/malicious_confidence_60%

Link:

https://www.hybrid-analysis.com/sample/b11de30bf78d392a2a80e04628c08041452c0b5784394f0da4b43311d627e93f

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Suspicious

Link:

https://analyze.intezer.com/analyses/4de97700-329e-4765-9d31-25054f3af872

Score:

90%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/b11de30bf78d392a2a80e04628c08041452c0b5784394f0da4b43311d627e93f

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/b11de30bf78d392a2a80e04628c08041452c0b5784394f0da4b43311d627e93f/

Threat name:

Win32.Trojan.Generic

Status:

Malicious

First seen:

2023-12-15 17:38:07 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

7 of 37 (18.92%)

Threat level:

2/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=weo6gc7xru4sukua4bdcrqeaifcsyc2xqq4u6dnewqzrdvrh5e7q._file

Verdict:

suspicious

Socks5Systemz

3937ead41fd807749c505cbf5ed6e0d50332fadebe8c738a577b00753e2c58b8

Socks5Systemz

44fe362fc7097bf09caa35e8994ce0c4a91b1cc5c9e21c88436501e0dabcdf18

Socks5Systemz

60ba56182333d22369253a00e1727b13428204bf2bbfddb6886d7de14b127a0a

Socks5Systemz

8cd7d9d47ba8102ac9270964c9ab8f8dc1ef213bd768ffe873f17562b9d96a09

Socks5Systemz

ab0b4f68598f08654f3557b358885d871eac40f980a5a5cfafd96bc0ac6de710

Socks5Systemz

b031e427d9507815be0a6c0fb88a8812eb55272a77b5bfc52e34ece8736f748a

Socks5Systemz

be7c8595cd546418bba8e844ba2f52a84381dac962b3bd14361ced4eac6350fb

Socks5Systemz

d8c23b426a74a6ad69665008bab562c0cf5069ebe459e16e30337f62e0108dad

Socks5Systemz

d9bc37179d23c44f9f3fdfb2ae0f8409856153765061e73d1926138d2a47c4d2

Socks5Systemz

+ 4'366 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

7/10

Tags:

discovery

Link:

https://tria.ge/reports/231215-v7prfsgdcq/

Behaviour

Runs net.exe

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Drops file in Program Files directory

Checks installed software on the system

Executes dropped EXE

Loads dropped DLL

Unexpected DNS network traffic destination

Unpacked files

SH256 hash:

d1286da2332f03018f97ce332f9b3ea0963088e2ec105e6f2ba3acaea00560d4

MD5 hash:

5e46d295989c1e038ce5202a45a591b4

SHA1 hash:

46ea548a01d0e35d655a9cbcc90671fe3b5bf06c

Link:

https://www.unpac.me/results/b0746ea5-9df2-4e46-af38-0eba084a65a6/

SH256 hash:

cd9adefaa35a3034662e86df2be1c36b329bc244f94c3159539acafd6553b0f2

MD5 hash:

c8e8e96fdd5193502d3c1446929036e3

SHA1 hash:

41087fdd7b91ada19000ce49bf83a63b65d3deb1

Detections:

INDICATOR_EXE_Packed_VMProtect

Link:

https://www.unpac.me/results/b0746ea5-9df2-4e46-af38-0eba084a65a6/

Parent samples :

8cd7d9d47ba8102ac9270964c9ab8f8dc1ef213bd768ffe873f17562b9d96a09
21841068c709e94042478963cd39730a59ef5a3915e8d9c500d964ceff7652ad
be7c8595cd546418bba8e844ba2f52a84381dac962b3bd14361ced4eac6350fb
b031e427d9507815be0a6c0fb88a8812eb55272a77b5bfc52e34ece8736f748a
d8c23b426a74a6ad69665008bab562c0cf5069ebe459e16e30337f62e0108dad
60ba56182333d22369253a00e1727b13428204bf2bbfddb6886d7de14b127a0a
3937ead41fd807749c505cbf5ed6e0d50332fadebe8c738a577b00753e2c58b8
ab0b4f68598f08654f3557b358885d871eac40f980a5a5cfafd96bc0ac6de710
6126cec232b338fe92c5dc56f15f735bd750aa7669563c2e7f11cc962e4c501f
44fe362fc7097bf09caa35e8994ce0c4a91b1cc5c9e21c88436501e0dabcdf18
b11de30bf78d392a2a80e04628c08041452c0b5784394f0da4b43311d627e93f
0aaae938dbf33ebcf266df1ac8732813d346b82a39cdc83cf2dbe552803f86df
95e0b83409c2f4d7dd5da83bb1bdd65efc6e34d28b97773f14d7ca3822dced97
bd6f268e9e8f8d1cd3d33b08e5d4862a7b255ad023458c540ecfafa5d1ed8eea
866ec6c3b836357b347dc1a321140ab13ce731e61f396567f8956459781eeee0
cef0dde6c3601f7749fe5dfaf5735585fadd8c8a1958cea9091729a8c8fe9b36
154c4ec8406b92370b54f82496aa810af9f610fcd921bdb6a9dbc3192ae59c2a
a36ea9b99485c6bebc0f03fda024ece9199fc78d925124a87880269097b06bc1
d43ffbe733ec648bc3c9d4a466991d7a918d6a6ac3fe8b2e37ff66d2e4ce3981
3eceb0e5cb6d6e6a117298ccc10974d372eda885ffae9f8fc5539228d5e14766
75ce81e220a88057c4ce1eea3785dfd3e4b13faca319cf8ecb5a0afc8a86ee83
224bc6c33dcd68acb507793a6be8127b6ebb136969dce57a20cfe5348ba886ca
ebdcd8bb5d2463edd5bff47dfd842991e6f3ce96566a8c7b38bc2125d2043f59
d6f19704c133c17b682eb6982a4424c5aa729b4ee31f948b685dd6bcfc723caa
c607450c06c5860f7752a3c362791cae38f63b5f29d5ac4e7af05388dc8b0f52
e730705b1cbc94bb440445b63ed4a65729ee368fd2d53ca99ae5a1dccecaea12
2c6bbfd2ff344195dd47497f5775ed204d8a8a4590d658dac3ef3c41a9549fd0
2baec8b80e2a91562af38517240f5b97b35b2a97f2095cb66d7b8ddf0e918866
96cb6c98160cc60e55c3a64b4771ad5722189e4e7ed232a181c2b0b59e7714b4
18e96681f6c62925a2dc63cfe4a83dcd2c67126df12e222f14eab5a083fa5a5d
cabbee07b2ba837482d0674d15fe88809271511aa5782d8a458e958ee59e5863
045b1b8faa65cce267fdbc88b1e7ef8a48c2c09fa6a1f6d3992d23e37a7f3e70
15e0db7a88f0878f35c2b99a976ca337eccdf5f239a53a73d24c318ab7ebbb07
76bb2c85953cd4eb60f8bcf05d92a8235bd79982258608f0f173bf0cb2af49cd
e889afcc0429b2814282eecde77b42a12684085ca4fee29d39ae4aac9a66fa67
7307047350a12c3bee3987b4da33bbf73bda57bbd0c3fa6c170bdfe06c8d07c9
5ef4ee8c3636f4739250714babb2bc165f0d71c6527a584f4bfe58d86279253c
123c3632afae8b7946dc9be5dba43169a19f1f6e0b66db78bb4aad047064384f
033100ad9863bd17ca8606c22dfb0abdfe616d94711801e6fddb764af7cec327
990639f84723b8018e8b22c676366ff4035f35803ad56ef152582ea549116dd1

SH256 hash:

d6a876a3c637d2547102e588b379481f4ad2e1c3bbe00cc62f9e5ce34f626538

MD5 hash:

2d2968adf62889a7df03f83bbecca239

SHA1 hash:

33c5cd888361e51d74e10fe0cd9dc38fd09e6ac2

Link:

https://www.unpac.me/results/b0746ea5-9df2-4e46-af38-0eba084a65a6/

SH256 hash:

6feca73a93b88743608652f5300dc3048307ad9e3761ff3c0b0471fb40daefae

MD5 hash:

9a104d8730d0ad83d903946c68308553

SHA1 hash:

12c4d30f5b9773e388309a3d0fea701f73e77d04

Link:

https://www.unpac.me/results/b0746ea5-9df2-4e46-af38-0eba084a65a6/

SH256 hash:

d4f52b7d966c476dee40c677a9d9f224e55c592ee287660cd292e91eccd11848

MD5 hash:

9824254bb5cd741b93eec8e623580685

SHA1 hash:

0de975cd3955849f4c668eed5bb5f8b45f940d36

Link:

https://www.unpac.me/results/b0746ea5-9df2-4e46-af38-0eba084a65a6/

SH256 hash:

b11de30bf78d392a2a80e04628c08041452c0b5784394f0da4b43311d627e93f

MD5 hash:

ba1a9da5e097b4a253ae7003eda4ffae

SHA1 hash:

de54d14300ee9c4c9c530220a79ad1d9449c7522

Link:

https://www.unpac.me/results/b0746ea5-9df2-4e46-af38-0eba084a65a6/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/b11de30bf78d392a2a80e04628c08041452c0b5784394f0da4b43311d627e93f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Socks5Systemz

exe b11de30bf78d392a2a80e04628c08041452c0b5784394f0da4b43311d627e93f

(this sample)

Delivery method

Distributed via web download

Cape

https://www.capesandbox.com/analysis/467642/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

zbet commented on 2023-12-15 17:37:18 UTC

url : hxxps://stoon.hitsturbo.com/order/tuc5.exe

MalwareBazaar Database

Database Entry

Intelligence

File Origin

Vendor Threat Intelligence

Result

Behaviour

Result

Details

Result

Signature

Behaviour

Result

Behaviour

Unpacked files

File information

Comments

Login required