MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 b87d808f7a1e9700fd60254f04dc8a7c346cdbb325be45c8be51730b66eb4138. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Socks5Systemz
Vendor detections: 12
| SHA256 hash: | b87d808f7a1e9700fd60254f04dc8a7c346cdbb325be45c8be51730b66eb4138 |
|---|---|
| SHA3-384 hash: | 102b990007697028f27cebc56c9b6f975c7ba9b34054f55dd3407811a7c2e285de46e630da22bff8da167e2fe8901622 |
| SHA1 hash: | 6bf4caddd96984e00937f375aa1c4bbaa37c1cf4 |
| MD5 hash: | 57a645b8473c5bdaa14fbf5c5057b73f |
| humanhash: | echo-tango-chicken-india |
| File name: | tuc3.exe |
| Signature | Socks5Systemz |
| File size: | 7'340'057 bytes |
| First seen: | 2023-12-12 18:26:34 UTC |
| Last seen: | 2023-12-12 20:23:17 UTC |
| File type: | |
| MIME type: | application/x-dosexec |
| imphash | 884310b1928934402ea6fec1dbd3cf5e (3'725 x GCleaner, 3'463 x Socks5Systemz, 262 x RaccoonStealer) |
| ssdeep | 196608:qxm57eR06M1rgZUsUBcro6J33Yqjx/Ibzj:W/YgZg+of+xAbzj |
| Threatray | 6'805 similar samples on MalwareBazaar |
| TLSH | T1BF763380C5D0DA71C9E88F3C5E1DF27DB26D7AFED6320114F42EB31EA6B12A91518E85 |
| TrID | 80.0% (.EXE) Inno Setup installer (107240/4/30) 10.5% (.EXE) Win32 Executable Delphi generic (14182/79/4) 3.3% (.EXE) Win32 Executable (generic) (4505/5/1) 1.5% (.EXE) Win16/32 Executable Delphi generic (2072/23) 1.5% (.EXE) OS/2 Executable (generic) (2029/13) |
| dhash icon | 00f8dcdcdcbebe00 (621 x Socks5Systemz) |
| Reporter | |
| Tags: | exe Socks5Systemz |
Signatures
MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.
| Rule name: | shellcode |
|---|---|
| Author: | nex |
| Description: | Matched shellcode byte patterns |
File information
The table below shows additional information about this malware sample such as delivery method and external references.