MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d308abf2c66d01bdf3ef1a56dc411c1d0d4692807cd4d7f7c275222f489ed63f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SHA256 hash:	d308abf2c66d01bdf3ef1a56dc411c1d0d4692807cd4d7f7c275222f489ed63f
SHA3-384 hash:	2f69d971011bee1a66b955ad8044179a9dae0ae1c32982e420c3ba5dcc490f122de20bc66da9ca8c65e38b71e410aa7e
SHA1 hash:	f2769dc6b9b33034790267a203a44e78c84191cc
MD5 hash:	d06d079543fd2f10bd4b488dfd0745bc
humanhash:	muppet-social-speaker-maryland
File name:	d06d079543fd2f10bd4b488dfd0745bc
Download:	download sample
Signature	Socks5Systemz Alert Create hunting rule
File size:	7'421'091 bytes
First seen:	2023-12-15 16:52:43 UTC
Last seen:	2023-12-15 18:21:00 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	884310b1928934402ea6fec1dbd3cf5e (3'725 x GCleaner, 3'455 x Socks5Systemz, 262 x RaccoonStealer)
ssdeep	196608:XYTpIuQgOIv8of2n/RtxAAGmVAr91tyjAoaZzj:oKlY2n/Rtvyr9bzj
Threatray	4'344 similar samples on MalwareBazaar
TLSH	T1B37633C73440497CD8C6DBF41D46DB723766BBE675630AD8EACE9274B782804A9187CC
TrID	76.2% (.EXE) Inno Setup installer (107240/4/30) 10.0% (.EXE) Win32 Executable Delphi generic (14182/79/4) 4.6% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 3.2% (.EXE) Win32 Executable (generic) (4505/5/1) 1.4% (.EXE) Win16/32 Executable Delphi generic (2072/23)
File icon (PE):
dhash icon	fc66d8c8ead8b0b4 (212 x Socks5Systemz)
Reporter	zbetcheckin
Tags:	32 exe Socks5Systemz

Intelligence

---

File Origin

# of uploads :

2

# of downloads :

288

Origin country :

FR

Vendor Threat Intelligence

CAPE Sandbox

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/467608/

ClamAV Detected

Detection(s):

SecuriteInfo.com.Win32.Evo-gen.6100.4631.UNOFFICIAL

Alert

Create hunting rule

Dr. Web vxCube Malware

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a file in the %temp% subdirectories

Creating a window

Creating a process from a recently created file

Сreating synchronization primitives

Searching for the window

Searching for synchronization primitives

Creating a file in the Program Files subdirectories

Moving a file to the Program Files subdirectory

Modifying a system file

Creating a file

Creating a service

Sending a custom TCP request

Enabling autorun for a service

Dragonfly

Gathering data

FileScan.IO Suspicious

Verdict:

Suspicious

Threat level:

  5/10

Confidence:

100%

Tags:

control installer lolbin overlay packed shell32

Link:

https://www.filescan.io/uploads/657c8473d48681e0d661d135/reports/3eb05f9a-7d03-4b76-8b6a-ec591edafac2/overview

Hybrid Analysis Win/malicious_confidence_60%

Verdict:

Malicious

Labled as:

Win/malicious_confidence_60%

Link:

https://www.hybrid-analysis.com/sample/d308abf2c66d01bdf3ef1a56dc411c1d0d4692807cd4d7f7c275222f489ed63f

InQuest MALICIOUS

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Intezer Suspicious

Verdict:

Suspicious

Link:

https://analyze.intezer.com/analyses/8d354455-d9ea-42fb-88b9-39a11bf8a7e2

Joe Sandbox Petite Virus, Socks5Systemz

Result

Threat name:

Petite Virus, Socks5Systemz

Alert

Create hunting rule

Detection:

malicious

Classification:

troj.evad

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/1362801

Signature

Antivirus / Scanner detection for submitted sample

Contains functionality to infect the boot sector

Detected unpacking (changes PE section rights)

Detected unpacking (overwrites its own PE header)

Machine Learning detection for dropped file

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

PE file has nameless sections

Snort IDS alert for network traffic

Yara detected Petite Virus

Yara detected Socks5Systemz

Behaviour

Behavior Graph:

Download SVG

Nucleon Malprob Malware

Score:

90%

Verdict:

Malware

File Type:

PE

Link:

https://malprob.io/report/d308abf2c66d01bdf3ef1a56dc411c1d0d4692807cd4d7f7c275222f489ed63f

CERT.PL MWDB

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/d308abf2c66d01bdf3ef1a56dc411c1d0d4692807cd4d7f7c275222f489ed63f/

ReversingLabs TitaniumCloud Win32.Trojan.Generic

Threat name:

Win32.Trojan.Generic

Alert

Create hunting rule

Status:

Malicious

First seen:

2023-12-15 16:53:08 UTC

File Type:

PE (Exe)

Extracted files:

5

AV detection:

7 of 37 (18.92%)

Threat level:

  2/5

Spamhaus Hash Blocklist Suspicious file

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=2mekx4wgnua3347pdjlnyqi4duguneuaptknp56courc6se62y7q._file

Threatray suspicious

Verdict:

suspicious

Similar samples:

2381e836157a97f3bb41820f6f032089482a9872ce597dd85baecdc487edf6d1

Socks5Systemz

23bda1d8e92c34b73d2fd7cba0045363123b1ca703644e1272496020f48f0768

Socks5Systemz

4c63b8f4645abecb4338b18559dc7842f53986eaf995cce1530ff6abf47a9931

Socks5Systemz

69e752639b68b97de52d8c1cde499be7fca51c8fe91fac9c0ae02be30d78f27a

Socks5Systemz

6a1edaddbee0de4f66de7a99c007baa8ba9ad297d3a7e0d750b8f27fe6154486

Socks5Systemz

6c997357d37e49570db5aeb5c982fd437743c7119908935cc96f60be6c92535a

Socks5Systemz

6e0ccbd59707ff8aa7b292f0978498980b3ee813cb124bf09263b5ba68bbd0c7

Socks5Systemz

7bb6037c523bd02645d27f2c0c1064208d46589bdce89a7e6539687aa70c5117

Socks5Systemz

a386c4dc920a0710b5c76d13d517660e07a1ef4a693b91a87318e8e27e8b1566

Socks5Systemz

bf9d6e57e46938bd0258205bdc5ac050d12b5659e445484e7815f891fa38c469

Socks5Systemz

+ 4'334 additional samples on MalwareBazaar

Hatching Triage Suspicious

Result

Malware family:

n/a

Score:

  7/10

Tags:

discovery

Link:

https://tria.ge/reports/231215-vdzdssgcak/

Behaviour

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Drops file in Program Files directory

Checks installed software on the system

Executes dropped EXE

Loads dropped DLL

Unexpected DNS network traffic destination

UnpacMe INDICATOR_EXE_Packed_VMProtect

Unpacked files

SH256 hash:

bfe1ab607dfba71517a995a31be6628c8673dc723660804fd30f374d3989359c

MD5 hash:

e82f019ab3c2e83c05abd197c7912003

SHA1 hash:

a705c9f56bc7d7d0c6591d23337d89fdbabce756

Link:

https://www.unpac.me/results/9cdfa91e-d060-4a34-8a6b-118119846549/

SH256 hash:

b1d7f7b07488035bb2f51fd39aae2d5bc0f93228dd8b1879da7e742e782adbe6

MD5 hash:

055c55a467dff51237887efdd1cb3366

SHA1 hash:

94d43028968f8310481ded7810c2059ee964f13d

Detections:

INDICATOR_EXE_Packed_VMProtect

Alert

Create hunting rule

Link:

https://www.unpac.me/results/9cdfa91e-d060-4a34-8a6b-118119846549/

Parent samples :

6a1edaddbee0de4f66de7a99c007baa8ba9ad297d3a7e0d750b8f27fe6154486
a386c4dc920a0710b5c76d13d517660e07a1ef4a693b91a87318e8e27e8b1566
69e752639b68b97de52d8c1cde499be7fca51c8fe91fac9c0ae02be30d78f27a
d308abf2c66d01bdf3ef1a56dc411c1d0d4692807cd4d7f7c275222f489ed63f
2969d17095a7eb6bf3b083a7a9a824d1470e9ae49f3a2601e55e46f84e08a51f
ce545b283c8bab1e754150d94d56048121b3632040b8cbc914341a68164d29f1
cebb8a7897a0cf0c259cf3d61492d7ce31d5409e49d89fbc093d37a3d6327261
70d4763fe44cc63198b5cd53bc6ca94bf327b5590d1bfb1fc2703ad076c21bd7
e06defad3a1b0960a0abd7a85ace5ea601ae87b11e330903fdc6c9bc71d32471
f7cfade013d7ba71d5e7824120610fd4e0519ba6ae88f3bdfc088fab73dab2c1
e63d399b48529c9d9c09af3145c4a30e7259a9d7501eaf03627b9e0644f9c57d
f2181e24ca801a99d4c6f3e298039e4dc615500449c95bff72bac714e213d2ae
5ddac30bf8026e064a281de51e4f5ae357ec449404813f3a19aa26a56d87ae15
14dfc05ceee470df373d00d51bf51453d996009d935918bc9731724f10e3439e
d1a1028772423cc2c88196156d799b8edef159a39b82457eddd09978acc10d9d
d5ebc597eea5ccc76b857bed06c0528e5d623361fee552e494fd9c234c782a06
e04e90c67246865fdcac2076d640b5281a5aa6ced1711a1665a51a0ddc981e63
c9d2814266b596537b3cfcee9e9618112e90618611b9432a27c5316d398c7119
4a7cf5184e2783b39d31b1f14bdf8c5e65c8264087ca384eff8c290d25921d11
460ba5234569ed96c87ff1d99e698a3cd6f9a1eff0f87e697fd38b3424ebaaba
7b45af286596027aa2df12577823a64dd107b4b1734271ad12b5433ea1743a9e
ef131ac0a84eed3cdee27a3e9e3ed37e21f8f5f187fffaede1cd5302b1c5d94a
b05fc3398776c9b483f2121bcb5d4417f5b85cd09471fd38c4aaf232973f3e95
97520db5b722d2b97fd9222ed1474e475a8dae71bed6bc956065fe492aac1d69
81ea1f29997650e799f34a07b0d82ed1322686321baf8474175af0936b3bc89a
5b3f3b6a22c7f6425485d83369703b07fd3e69bed46f46c03786c6b3191763fb
bfa4a7125980fec05e7b25dbc8a79adf1ac71a924c3964a40a7cb310f0c9c2b7
5047b2de3cc7ea97d921e25764b804f2f680d6d4ac82de64e83bc4c5efd2f7af
2b0e4fee1aedd6e8086586de08ca3880e1d7c20e17047a6bf4b2d2e874998b18
2a34e938016225122cb38962834d89a2049f65300433d417993792efe3637faa
be7d4a58043f8e7c6865e419276fbb291da1215f407c4215e5bdba032a8f8acd
c6d232d6945f8203013f22148b119a808d94cd933c76aa75e3bb95e2f3f1ae82
f7dbdcfc3c61051a5833292901d29be2e48d84ad7a4dfdecbb342fab9b9a4acc
37fef9e62e709a347642fc296a503653112c3f6ea23aa5cecd901261ab26e456
ca34f1ee26343dc0221e3be6bd69d2c1eb51f860d9e068c9b6d287541471f1dc
a0472af8856b9f11d3cbb955f9a8015f3f763ae3d23040458aed8e9faaa18017
f3aefcce06ba9e85a0c48187f0539bdb3edcbb8f0cb5715f9f5344250292a046
28e504d0b421af4b25b1b5e10db01814c1f146edff74d18d5ece89a54ff6de92
301c6604473516b8cee6a003d8f3dffeee2286135a3bc2174fa3f0efb9b6763d
b379b9be1f1c1af940ea7c2b77061355aeda36a5974e84ce6146526d00238e5d
43c3103f9b53e628ed3643bcb688e129f8e33604e0eccaa39c4c981a6f06f81c
4118c6e28625cfdf26586b6d0539cdf56a763c9b59e8a44c410fef2b1635bacc

SH256 hash:

e2f81adc6b0d8bbe06f3821129e6dc51882d9b3036d91df51ed179c9a32e4c37

MD5 hash:

f083b1eb583b53582dca535f880e5e90

SHA1 hash:

df2ead6f5f5cfa26b81c64a185ab0d7d6a19ffe4

Link:

https://www.unpac.me/results/9cdfa91e-d060-4a34-8a6b-118119846549/

SH256 hash:

4e3601760f269c13bd66c7f046e5846bd07884b6170b3e71cf73817bc9b2c863

MD5 hash:

1947edcfd01276a20a3816c03dc58b04

SHA1 hash:

3e898b1fb378a0c109afca54c5f64fece7728793

Link:

https://www.unpac.me/results/9cdfa91e-d060-4a34-8a6b-118119846549/

SH256 hash:

d308abf2c66d01bdf3ef1a56dc411c1d0d4692807cd4d7f7c275222f489ed63f

MD5 hash:

d06d079543fd2f10bd4b488dfd0745bc

SHA1 hash:

f2769dc6b9b33034790267a203a44e78c84191cc

Link:

https://www.unpac.me/results/9cdfa91e-d060-4a34-8a6b-118119846549/

VirusTotal

Please note that we are no longer able to provide a coverage score for Virus Total.

YOROI YOMI Malicious File

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/d308abf2c66d01bdf3ef1a56dc411c1d0d4692807cd4d7f7c275222f489ed63f

File information

---

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Socks5Systemz

exe d308abf2c66d01bdf3ef1a56dc411c1d0d4692807cd4d7f7c275222f489ed63f

(this sample)

  

Delivery method

Distributed via web download

Cape

https://www.capesandbox.com/analysis/467608/

Comments

---

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

zbet commented on 2023-12-15 16:52:44 UTC

url : hxxps://cream.hitsturbo.com/order/tuc6.exe