MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 dc65301b2065d587ca771f25bcaa129bc40dfef2294a54d5766075befe960079. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Socks5Systemz


Vendor detections: 11


Intelligence 11 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: dc65301b2065d587ca771f25bcaa129bc40dfef2294a54d5766075befe960079
SHA3-384 hash: fbdcfa242f9cff0d42e047061e85dd8ecbc690878a4bae4c674f2b4cb19c071dd11d1f3b8c657eca05e9312825d95e79
SHA1 hash: fb79d0616b248b6209799e2446df900c5dc8f3b3
MD5 hash: 2b6b5f3357b66a375c1ff11f8e0d5e1c
humanhash: maryland-blue-coffee-social
File name:2b6b5f3357b66a375c1ff11f8e0d5e1c
Download: download sample
Signature Socks5Systemz
Create hunting rule
File size:7'447'052 bytes
First seen:2023-12-15 15:49:52 UTC
Last seen:2023-12-15 17:21:05 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 884310b1928934402ea6fec1dbd3cf5e (3'725 x GCleaner, 3'455 x Socks5Systemz, 262 x RaccoonStealer)
ssdeep 196608:QJcIMVr6m+qQPAq9CezsurXLQ9LEQ9hSHwrjpJdPYOuCnYxbhtzj:Ln/UPhKughQwfLdiWYhtzj
Threatray 4'318 similar samples on MalwareBazaar
TLSH T179763320B692C077D2212F74260DDAABEB42FC987574786D3ADDED5ECB0189D001DF6A
TrID 76.2% (.EXE) Inno Setup installer (107240/4/30)
10.0% (.EXE) Win32 Executable Delphi generic (14182/79/4)
4.6% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
3.2% (.EXE) Win32 Executable (generic) (4505/5/1)
1.4% (.EXE) Win16/32 Executable Delphi generic (2072/23)
File icon (PE):PE icon
dhash icon 6060d8c8ead8b0b4 (29 x Socks5Systemz)
Reporter zbetcheckin
Tags:32 exe Socks5Systemz

Intelligence

File Origin
# of uploads :
2
# of downloads :
272
Origin country :
FR FR
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/467572/
Detection(s):
SecuriteInfo.com.Win32.Evo-gen.13437.5469.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file in the %temp% subdirectories
Creating a window
Creating a process from a recently created file
Сreating synchronization primitives
Searching for the window
Searching for synchronization primitives
Creating a file in the Program Files subdirectories
Moving a file to the Program Files subdirectory
Modifying a system file
Creating a file
Creating a service
Enabling autorun for a service
Gathering data
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
control installer lolbin overlay packed shell32
Link:
https://www.filescan.io/uploads/657c75ad6b1c246046f54df8/reports/dde555cb-8e64-4435-bcb5-c6a788b39717/overview
Verdict:
Malicious
Labled as:
Win/malicious_confidence_60%
Link:
https://www.hybrid-analysis.com/sample/dc65301b2065d587ca771f25bcaa129bc40dfef2294a54d5766075befe960079
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/d4dee56e-11a1-44a0-a150-d335b1a949a0
Result
Threat name:
Petite Virus, Socks5Systemz
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1362745
Signature
Antivirus / Scanner detection for submitted sample
Contains functionality to infect the boot sector
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Machine Learning detection for dropped file
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
PE file has nameless sections
Snort IDS alert for network traffic
Yara detected Petite Virus
Yara detected Socks5Systemz
Behaviour
Behavior Graph:
Download SVG
Score:
93%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/dc65301b2065d587ca771f25bcaa129bc40dfef2294a54d5766075befe960079
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/dc65301b2065d587ca771f25bcaa129bc40dfef2294a54d5766075befe960079/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Malicious
First seen:
2023-12-15 15:50:08 UTC
File Type:
PE (Exe)
Extracted files:
5
AV detection:
7 of 37 (18.92%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=3rstagzamxkypstxd4s3zkqstpca37xsffffjvlwmb2357uwab4q._file
Verdict:
suspicious
Similar samples:
0a86a03eb33ca09a55c10959585ba22b57d7b6c5d773f3fb3aa7185a621a6931
Socks5Systemz
1e24fdb0f0915cb04bd0bfe88ce7905d51318cb4f3650d5f72e9d8d56dca7a4d
Socks5Systemz
2ca3143628b515dc17d272e6986ae740b49e731b2a886e38fbfe9a159740b420
Socks5Systemz
53b6054838a9e7503580604b8c222d9b3bb80068ce98107864df9bd33f9df43c
Socks5Systemz
6c997357d37e49570db5aeb5c982fd437743c7119908935cc96f60be6c92535a
Socks5Systemz
6e0ccbd59707ff8aa7b292f0978498980b3ee813cb124bf09263b5ba68bbd0c7
Socks5Systemz
7bb6037c523bd02645d27f2c0c1064208d46589bdce89a7e6539687aa70c5117
Socks5Systemz
c2e55f0a100ae9d0de039823ce47857095951cc1686aa32a82b07490d39f20fd
Socks5Systemz
e2cfcc962ac02df4c8f63150a680a1f16f40fafce530c2089445e7b2caad0163
Socks5Systemz
fbfc3a56bba1041d9d9ee8f3a467859585cd90534d068f5b7a7bd2e2b931b16e
Socks5Systemz
+ 4'308 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
discovery
Link:
https://tria.ge/reports/231215-s9xtqsffh8/
Behaviour
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Drops file in Program Files directory
Checks installed software on the system
Executes dropped EXE
Loads dropped DLL
Unexpected DNS network traffic destination
Unpacked files
SH256 hash:
bfe1ab607dfba71517a995a31be6628c8673dc723660804fd30f374d3989359c
MD5 hash:
e82f019ab3c2e83c05abd197c7912003
SHA1 hash:
a705c9f56bc7d7d0c6591d23337d89fdbabce756
Link:
https://www.unpac.me/results/86571566-012e-49e9-b11a-818c66c9b12c/
SH256 hash:
d9460bbfb0c1ec873189af816aa1faaa9c5461da03b5bf9293ae3bf5ae552fb6
MD5 hash:
148888a24b7194b1ae7409145d3cd7eb
SHA1 hash:
69b584ca848479c2cbca7b0e8c8a126492d4c3b1
Detections:
INDICATOR_EXE_Packed_VMProtect
Create hunting rule
Link:
https://www.unpac.me/results/86571566-012e-49e9-b11a-818c66c9b12c/
Parent samples :
dc65301b2065d587ca771f25bcaa129bc40dfef2294a54d5766075befe960079
23bda1d8e92c34b73d2fd7cba0045363123b1ca703644e1272496020f48f0768
7bb6037c523bd02645d27f2c0c1064208d46589bdce89a7e6539687aa70c5117
41c26911be2b0a6de90a3b718748347aad4584d1f1d98b01c3caa1bb8e337d5c
SH256 hash:
dd145f45184c033725f9bee54245639c757bac08d4a321ca514fbd4e13474bcc
MD5 hash:
1541c8c0c9c56b7269e351994554ec3c
SHA1 hash:
54a92e81728559c3ef34a609f4b1f2e611fb7fdf
Link:
https://www.unpac.me/results/86571566-012e-49e9-b11a-818c66c9b12c/
SH256 hash:
a85836c8a63cb546e5c3dedd865725b62fdabf943e2a696b5d0b1052ae20f6a3
MD5 hash:
dd6211e93847aae38ebae3f4d624e3b1
SHA1 hash:
04a919056efa446116c0f9c8ba7034f22c7ac8aa
Link:
https://www.unpac.me/results/86571566-012e-49e9-b11a-818c66c9b12c/
SH256 hash:
dc65301b2065d587ca771f25bcaa129bc40dfef2294a54d5766075befe960079
MD5 hash:
2b6b5f3357b66a375c1ff11f8e0d5e1c
SHA1 hash:
fb79d0616b248b6209799e2446df900c5dc8f3b3
Link:
https://www.unpac.me/results/86571566-012e-49e9-b11a-818c66c9b12c/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/dc65301b2065d587ca771f25bcaa129bc40dfef2294a54d5766075befe960079

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Socks5Systemz

Executable exe dc65301b2065d587ca771f25bcaa129bc40dfef2294a54d5766075befe960079

(this sample)

  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/467572/

Comments


Avatar
zbet commented on 2023-12-15 15:49:53 UTC

url : hxxps://hitsturbo.com/order/tuc6.exe