MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ebb59161759ac7e1a5c5b58f4eac53013778d1d39a5be4979c099a80c7f0bc55. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Socks5Systemz


Vendor detections: 5


Intelligence 5 IOCs 2 YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ebb59161759ac7e1a5c5b58f4eac53013778d1d39a5be4979c099a80c7f0bc55
SHA3-384 hash: 03666420a994459ee2ba406f77bfa41082d7fa7b4964a210620a95d8c94466511af634186a489ed66d81930e4334bcb4
SHA1 hash: e089ec04117065c49abb12cfb6f5e1dfdcf5f82f
MD5 hash: d95bfd3890f77c0be2c92f0bdafae715
humanhash: island-vegan-zulu-fruit
File name:archive.zip
Download: download sample
Signature Socks5Systemz
Create hunting rule
File size:11'048'339 bytes
First seen:2024-07-11 12:27:51 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 196608:/ExyzfvR+eQV9I9UjqKYuO2T6B562Q2nHs2Oaq8Bz/L:sxofLgI5KY6WBdMxQL
TLSH T128B6334195A78F40C45E6279C2CB6B4A76AEBB4E6522DB0F0350F11B3EF37F4A766102
TrID 80.0% (.ZIP) ZIP compressed archive (4000/1)
20.0% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1)
Reporter aachum
Tags:file-pumped Socks5Systemz zip


Avatar
iamaachum
https://karelyfile.com/adobe+acrobat+xi+pro+11.0.1+multilanguage+chingliu+crack.zip => https://drive.google.com/file/d/18SXKUCa37MzpGTv2W6gOE7NIRHCY5EMy/view

PrivateLoader C2:
http://5.42.99.177/api/crazyfish.php
http://5.42.99.177/api/twofish.php

Indicators Of Compromise (IOCs)

Below is a list of indicators of compromise (IOCs) associated with this malware samples.

IOCThreatFox Reference
http://85.28.47.30/920475a59bac849d.php https://threatfox.abuse.ch/ioc/1294769/
45.155.250.89:80 https://threatfox.abuse.ch/ioc/1285768/

Intelligence

File Origin
# of uploads :
1
# of downloads :
99
Origin country :
ES ES
File Archive Information

This file archive contains 75 file(s), sorted by their relevance:

File name:vsdevcmd_end.bat
File size:3'878 bytes
SHA256 hash: a06de3d13c6efa07f9022c40909b4848509cd9026bee2ee3f49dbd1464572b2c
MD5 hash: 2eba6b51f53d1d782fcef952417fb26d
MIME type:text/plain
Signature Socks5Systemz
File name:NuGet.Credentials.resources.dll
File size:15'224 bytes
SHA256 hash: ef0db57dffec69c5691dfd7964b4d44c488224f95fec18f28ac2347a53710506
MD5 hash: dc8f6440d7744cbcba6662ff91cdc0a0
MIME type:application/x-dosexec
Signature Socks5Systemz
File name:vsdevcmd_start.bat
File size:3'941 bytes
SHA256 hash: ef37ef605c74a8fe18dd5a97f6b6ea948d6363fd1624df295169316399d532d6
MD5 hash: 78d3bf599e311bbd48f520e504da42ce
MIME type:text/plain
Signature Socks5Systemz
File name:Microsoft.VisualStudio.DevShell.resources.dll
File size:14'216 bytes
SHA256 hash: 34236fd4b7cf8815c6f01a50a8ff787baf42464b7472657d7c27555d017590a4
MD5 hash: c4dbe5a4d9ab4cb5a6630625b9b38d08
MIME type:application/x-dosexec
Signature Socks5Systemz
File name:Microsoft.Build.Tasks.Core.pkgdef
File size:345 bytes
SHA256 hash: d4a1e649a487a581514adc474f70f58289859e512eddbc6372756335d05ad076
MD5 hash: 2e2fc869188f64762e0acdc7a39d3b83
MIME type:text/plain
Signature Socks5Systemz
File name:qsvgicon.dll
File size:38'256 bytes
SHA256 hash: b2b420aa1805d8b5dc15ccb74dd664d10bd6ba422743f5043a557a701c8a1778
MD5 hash: 90bb882a4b5e3427f328259530aa1b3b
MIME type:application/x-dosexec
Signature Socks5Systemz
File name:NuGet.PackageManagement.resources.dll
File size:28'024 bytes
SHA256 hash: afd5adcb8918b13d0b5843fe466512d0bd8ffcfe4e01771f23098429917097c0
MD5 hash: 7e05c88e05ef6eec5806dfb478c758b3
MIME type:application/x-dosexec
Signature Socks5Systemz
File name:NuGet.Packaging.resources.dll
File size:65'928 bytes
SHA256 hash: f68b5b623c10e9831171c3f481d47da065aaaad38814b27ea8913fed3e85b03a
MD5 hash: 49f7a710aec580abde402e8fb1b79b13
MIME type:application/x-dosexec
Signature Socks5Systemz
File name:MSBuild.clientenabledpkg
File size:239 bytes
SHA256 hash: c9f4b2141ddfbd765e7761810c07bdbc58ab9170fca9b262f0a0ec3dad3241bd
MD5 hash: 160271119135efc0aba8bedca3194843
MIME type:text/plain
Signature Socks5Systemz
File name:System.Text.Json.pkgdef
File size:323 bytes
SHA256 hash: 4f58efaa0bde2b1491fde66bc19c8cf14c8c44dc561464298a8e607746d3892d
MD5 hash: 8c59f02cf49f9b6fab0877100227dcbc
MIME type:text/plain
Signature Socks5Systemz
File name:Microsoft.Build.pkgdef
File size:323 bytes
SHA256 hash: 12b295ddd15ac410f87869f770874ba0122200dbb11b599e48eb2fe7298e726c
MD5 hash: 8db2be951d2b10ad3460087c59ce2cf9
MIME type:text/plain
Signature Socks5Systemz
File name:Microsoft.Build.Conversion.Core.pkgdef
File size:355 bytes
SHA256 hash: b81f5e44f4cffc8356e0044800b8ac8232b079cdc7a38ea89938b6e45525dc1e
MD5 hash: ee6dbfe11916e596177bf6549415a718
MIME type:text/plain
Signature Socks5Systemz
File name:qgenericbearer.dll
File size:46'448 bytes
SHA256 hash: 086d6ba24f34a269856c4e0159a860657590d05aabb2530247e685543b34c52f
MD5 hash: dba35d31c2b6797c8a4d38ae27d68e6e
MIME type:application/x-dosexec
Signature Socks5Systemz
File name:dotnet.bat
File size:9'918 bytes
SHA256 hash: 449c349fb55318e5366c311f9590cdc02e3bb094e99bc76480db6819d08604e5
MD5 hash: 2d97c8472010a31ca8be681b44455a61
MIME type:text/plain
Signature Socks5Systemz
File name:qwebp.dll
File size:333'168 bytes
SHA256 hash: b057c49c23c6ebe92e377b573723d9b349a6ede50cfd3b86573b565bf4a2ae0b
MD5 hash: f859ecc883476fe2c649cefbbd7e6f94
MIME type:application/x-dosexec
Signature Socks5Systemz
File name:qt_de.qm
File size:172'854 bytes
SHA256 hash: cd711e09012f37003af75e982e2e40df14445aca2800a3702a18612074ad660b
MD5 hash: 91899280efb4496c8ac0a004cd1469e2
MIME type:application/octet-stream
Signature Socks5Systemz
File name:NuGet.Commands.resources.dll
File size:50'552 bytes
SHA256 hash: 2778c9c9195a45b34be5e630392db56f3e2f27fbf897a201d7b4d28a7cfcb1af
MD5 hash: 8fb697aa124332c8daaa6cd0d347a630
MIME type:application/x-dosexec
Signature Socks5Systemz
File name:qt_lv.qm
File size:153'598 bytes
SHA256 hash: 257d1201da42c19c34ea0a5f0dfbba3d438fc273a7d5b5b97cd13196e963ed28
MD5 hash: 788862615b8fb13b52e4a80a8c54b3bf
MIME type:application/octet-stream
Signature Socks5Systemz
File name:Microsoft.Build.Framework.pkgdef
File size:343 bytes
SHA256 hash: 98568d3b1c83b0c4bed13adb1ffd3ee859eb43621545d24a6fe1afcdab92353d
MD5 hash: f2c5ba847c9546d63513118ee4a2cbc3
MIME type:text/plain
Signature Socks5Systemz
File name:debug.txt
File size:10'664 bytes
SHA256 hash: 53bdf22516f95f7a6d76933c9a2e363c1e708af00f5ddaf702abe5e92fcccce7
MD5 hash: 00cd55bbc58b5445294e56f37eef2b75
MIME type:text/plain
Signature Socks5Systemz
File name:qt_it.qm
File size:154'226 bytes
SHA256 hash: 59ae1b0ba84319bb0dae700b97bea3506521459928253409233491458d0dd80d
MD5 hash: 27fd50befb67ab6a1895351458aec38b
MIME type:application/octet-stream
Signature Socks5Systemz
File name:qtga.dll
File size:26'480 bytes
SHA256 hash: 2b6444d2a8146a066109ca19618ceee98444127a5b422c14635ab837887e55bf
MD5 hash: d0604a5f13b32a08d5fa5bd887f869a6
MIME type:application/x-dosexec
Signature Socks5Systemz
File name:parse_cmd.bat
File size:10'278 bytes
SHA256 hash: 9d216e6e59f4ac0dc1ce0854be210053ee473c4f95b944c0204dc05f66b54d92
MD5 hash: 617ba1ac334a7a30958d6af0d5b0475d
MIME type:text/plain
Signature Socks5Systemz
File name:NuGet.Protocol.resources.dll
File size:27'536 bytes
SHA256 hash: 30741affb80f0b66b555a9e772445280a4d999a1f47d4231587344677bca8315
MD5 hash: 481119816ed92b29accc28752634c3ef
MIME type:application/x-dosexec
Signature Socks5Systemz
File name:winsdk.bat
File size:16'058 bytes
SHA256 hash: 3d5ad7a6cb19d044a41beb8d77fea32bfa9367c76d0db0ff5f93a4b95c120b1c
MD5 hash: c0fec4b7084baa67ecc482eadf4f3e0d
MIME type:text/plain
Signature Socks5Systemz
File name:ThirdPartyNotices.txt
File size:2'728'456 bytes
SHA256 hash: 39f8e7264cdbf444d6aa1ec398902450dca084f476d809c3361f30de653cb3b8
MD5 hash: ecb4be39e17af2062b6b4cf4d534cede
MIME type:text/plain
Signature Socks5Systemz
File name:qt_fr.qm
File size:166'157 bytes
SHA256 hash: 7d40eaa90d9094ce548a41482b496ec494396a82361d4f3d031756118ed042d2
MD5 hash: 37f2ac5cf8ea04844351ae0bcf8420fb
MIME type:application/octet-stream
Signature Socks5Systemz
File name:LaunchDevCmd.bat
File size:103 bytes
SHA256 hash: 326551278d29218a3426a33e6c15a6dc903b5977fbb5ff77779911665c67695d
MD5 hash: 93a13667970582f3221fd5a7f72549ff
MIME type:text/plain
Signature Socks5Systemz
File name:Microsoft.Build.Utilities.Core.pkgdef
File size:353 bytes
SHA256 hash: fd7f4c4ace9496b22cd40c71221311f8667b1f89f6cb50fa2f95ca7a83bc806e
MD5 hash: 8a1e1c1ef4c4b487b1ab684b6eb8ac4d
MIME type:text/plain
Signature Socks5Systemz
File name:NuGet.LibraryModel.resources.dll
File size:12'664 bytes
SHA256 hash: 0c64471946e0705e30f4170c92c858de4986008ac16e2331128cbc20364f8f74
MD5 hash: 374c0b60584d7f33473b04a557abe7b7
MIME type:application/x-dosexec
Signature Socks5Systemz
File name:VsMSBuildCmd.bat
File size:611 bytes
SHA256 hash: 2666e40da6c8651312e1049fc552e92b275564a63880f25fab8fa227da3a2c4d
MD5 hash: 81cdeba282e732d0f1e9f93c0345dd67
MIME type:text/plain
Signature Socks5Systemz
File name:qwbmp.dll
File size:26'480 bytes
SHA256 hash: 043f3acf1dc4f4780721df106046c597262d7344c4b4894e0be55858b9fad00e
MD5 hash: 131a58669be7b3850c46d8e841da5d4e
MIME type:application/x-dosexec
Signature Socks5Systemz
File name:qt_en.qm
File size:23 bytes
SHA256 hash: 307cef95dd5b36ff215055d427e1885b7fc3650c9224cf76d63056545996ff60
MD5 hash: 4aef4415f2e976b2cc6f24b877804a57
MIME type:application/octet-stream
Signature Socks5Systemz
File name:qt_hu.qm
File size:90'989 bytes
SHA256 hash: d3c07628b68a39691b1ea9175a9cd151489cbc731a57a66c865d62167a5ec0f2
MD5 hash: ed4dc26eaa9ce4224010eaff7991774b
MIME type:application/octet-stream
Signature Socks5Systemz
File name:roslyn.bat
File size:1'263 bytes
SHA256 hash: f417aeb7f9c2387df16e397c70e90643cba4e0c40741ba669d08509c387ae534
MD5 hash: 1e2c27b73ebc1d1e9db40e543d83fa5a
MIME type:text/plain
Signature Socks5Systemz
File name:qt_ko.qm
File size:124'101 bytes
SHA256 hash: 0572429dc3c7f4055343a3f4e28463c505df1c97211d1fb6a7430c145b62a9f2
MD5 hash: db5873e7ce145306a188a90f60bddc84
MIME type:application/octet-stream
Signature Socks5Systemz
File name:NuGet.Versioning.resources.dll
File size:13'176 bytes
SHA256 hash: f55b47c4b038e5117cc98e070311f7ed7269bc9e00a1d76edab8cc7bb726ee33
MD5 hash: 88375925566f8bb81a92db7675cb967c
MIME type:application/x-dosexec
Signature Socks5Systemz
File name:Microsoft.Build.NuGetSdkResolver.resources.dll
File size:13'192 bytes
SHA256 hash: 4a68792e3d4dee44b26aebd6824939e10966441717f7281cb7158ad00e2ffffe
MD5 hash: 8a6d103132c3ed03c0b3a3a19dda4770
MIME type:application/x-dosexec
Signature Socks5Systemz
File name:Microsoft.VisualStudio.DevShell.dll
File size:35'728 bytes
SHA256 hash: 220f001b4283ec2071e3f4d942f0dc9f6a765c5bbf965e1edeed5030cd1cbfb0
MD5 hash: 30a0bd7a751619f40092dfafaff4e673
MIME type:application/x-dosexec
Signature Socks5Systemz
File name:msbuild.bat
File size:1'100 bytes
SHA256 hash: d6842d57e8e0ee1d0e91773489da4e043ff7ca77d829aedb4b5a6607c73875ef
MD5 hash: 0a14b797b3bcb3967a3f8d0efa0a9644
MIME type:text/plain
Signature Socks5Systemz
File name:qt_cs.qm
File size:158'455 bytes
SHA256 hash: 6862ce2bbffe5171dcc67b046e5ae6e2e9984c3e981d64b7fbd4a1fc4763a61e
MD5 hash: c32e1507b5bc25e5c34c1ec0262141e1
MIME type:application/octet-stream
Signature Socks5Systemz
File name:qsvg.dll
File size:27'504 bytes
SHA256 hash: 6bae9af6a7790fbdee87b7efa53d31d8aff0ab49bdaaefd3fb87a8cc7d4e8a90
MD5 hash: 2831b334b8edf842ce273b3dd0ace1f8
MIME type:application/x-dosexec
Signature Socks5Systemz
File name:qico.dll
File size:33'648 bytes
SHA256 hash: 9d942215a80a25e10ee1a2bb3d7c76003642d3a2d704c38c822e6a2ca82227bf
MD5 hash: eddf7fb99f2fcaea6fe4fd34b8fd5d39
MIME type:application/x-dosexec
Signature Socks5Systemz
File name:NuGet.Configuration.resources.dll
File size:19'320 bytes
SHA256 hash: ff2f7a6ac17047ef22893b2257e9efc9e1a137c30acfc9fe0b8a0b2c865656f5
MD5 hash: 3c901a394f861ada65a2a9fc0a5accde
MIME type:application/x-dosexec
Signature Socks5Systemz
File name:StringTools.pkgdef
File size:341 bytes
SHA256 hash: 19058d8a479613c7019877a035205044054918bf7930e27fe7f94b123952c6c2
MD5 hash: f4d9674307bda6700171bb90cae5c2cd
MIME type:text/plain
Signature Socks5Systemz
File name:qtiff.dll
File size:321'904 bytes
SHA256 hash: f9ebf4c98c1e0179cd76a1985386928fdb9e6f459e2238ed5530d160df4f0923
MD5 hash: 756d047a93d72771578286e621585ed2
MIME type:application/x-dosexec
Signature Socks5Systemz
File name:NuGet.DependencyResolver.Core.resources.dll
File size:13'176 bytes
SHA256 hash: d7b9021acdd57e36e986d433645a16300b6cd089443ddf526ca49602de0695f4
MD5 hash: 836973261da90b5c7222f23c3ae28005
MIME type:application/x-dosexec
Signature Socks5Systemz
File name:libGLESv2.dll
File size:4'645'384 bytes
SHA256 hash: af4f66e79e0cc1e4254f023cfb7f0140561c7d4e38d9bcf6184e8e69b32540db
MD5 hash: e307e977ebb1df8ba0957a412425ed23
MIME type:application/x-dosexec
Signature Socks5Systemz
File name:NuGet.ProjectModel.resources.dll
File size:17'288 bytes
SHA256 hash: 0bf5b6affb69890a25c2b7dcb6f2c8e55247b9fea233ecdb2249fd2237c7f10e
MD5 hash: e29ed62f4d441dfcaeb6d4bbfa6131a1
MIME type:application/x-dosexec
Signature Socks5Systemz
File name:qt_fi.qm
File size:160'704 bytes
SHA256 hash: a620e2980667c6083574a7f858ca8c5b486fd760e30266072cb55e69439e8174
MD5 hash: 92ac874c000583d87b0ffb3d7887e947
MIME type:application/octet-stream
Signature Socks5Systemz
File name:NuGet.Resolver.resources.dll
File size:14'728 bytes
SHA256 hash: a3c1c044047f8fefeb9e958d93c116284d642bf8b0e8e4d354468778f05e871d
MD5 hash: a39e664a3bc119edfe05b3381a60ba9b
MIME type:application/x-dosexec
Signature Socks5Systemz
File name:System.Resources.Extensions.pkgdef
File size:346 bytes
SHA256 hash: 56dc5380cabd6b4e2ac6a14fee28c441d281e321e4d07d9689a72b512f0aaaee
MD5 hash: 48034cba5310acb31ce3a2b5a3041166
MIME type:text/plain
Signature Socks5Systemz
File name:qt_ru.qm
File size:158'824 bytes
SHA256 hash: d53ae70615ad64d5f08e2dd322462aec33a3d3765f15ff0339079424fa893aa3
MD5 hash: 9ff2dec30e74ba0766e1811ea9b99d6f
MIME type:application/octet-stream
Signature Socks5Systemz
File name:qgif.dll
File size:33'136 bytes
SHA256 hash: d5459a707922dd2bf50114cc6718965173ee5b0f67deb05e933556150cfdd9d1
MD5 hash: c108d79d7c85786f33f85041445f519f
MIME type:application/x-dosexec
Signature Socks5Systemz
File name:qdds.dll
File size:46'960 bytes
SHA256 hash: 3a71a119eeabce867b57636070adeb057443a6ec262be1360f344cb3905545db
MD5 hash: 3fdb8d8407cccfaa0290036cc0107906
MIME type:application/x-dosexec
Signature Socks5Systemz
File name:project.xml
File size:110 bytes
SHA256 hash: 5c4cb5e6d9d83eb736534a8a6f4c197b967c8c2179677af177ec33e41b34064e
MD5 hash: e0d6e8c89b3c4698703a1e9db1598acb
MIME type:text/xml
Signature Socks5Systemz
File name:qt_ca.qm
File size:174'279 bytes
SHA256 hash: 0823a46af6af55ae23c28316d62e6b3131d3b2cb8626e42e9fc4e87039ee9502
MD5 hash: 62772a21b7e1aa17e10df024ad8e7b85
MIME type:application/octet-stream
Signature Socks5Systemz
File name:Microsoft.Web.XmlTransform.resources.dll
File size:18'312 bytes
SHA256 hash: 4881fa740140144b638eb0414afd9ff32680dea03d6c652c26cfac5d1f0ee14b
MD5 hash: 176cd00fca6af88f9dd174939efe6699
MIME type:application/x-dosexec
Signature Socks5Systemz
File name:vsn.exe.config
File size:120'023 bytes
SHA256 hash: 6421472c5757797bd48626db2f948f75fbdbc8eed6fa65129a8ba0de724eae0b
MD5 hash: 5fc850ad18e94b8b091b90adfd3dbeea
MIME type:text/xml
Signature Socks5Systemz
File name:qnativewifibearer.dll
File size:47'984 bytes
SHA256 hash: c209d080a62f5e67ddc01a3ae6b4f9b103faf4104c93b7dbb5ffa8d548bf0cd5
MD5 hash: a8bca50f7966f578b127d1e24fc2430f
MIME type:application/x-dosexec
Signature Socks5Systemz
File name:qt_uk.qm
File size:158'319 bytes
SHA256 hash: a633805fec82639230c2ac513dd7447e2ee10089f5ea1d281d12b4ee97a504c3
MD5 hash: b8113667d2222f6a705d744718407fcb
MIME type:application/octet-stream
Signature Socks5Systemz
File name:qt_ja.qm
File size:129'904 bytes
SHA256 hash: f0ee03c9936b459cc9bdf184df9b7efad98d40ab7b99e89166a42e019a0ec0ea
MD5 hash: 1c0ab06b3388e79a2206cbfd28e374a2
MIME type:application/octet-stream
Signature Socks5Systemz
File name:qt_sk.qm
File size:125'753 bytes
SHA256 hash: 0144819728779d0861859f5451cd5588b2f2def611edeb77b38655d62bdbdf86
MD5 hash: fed9c191096819dd208e0e3e2d051170
MIME type:application/octet-stream
Signature Socks5Systemz
File name:NuGet.Frameworks.resources.dll
File size:14'200 bytes
SHA256 hash: 2e7bf265977803b9073f4e13c90e1405a1e23dd4869f1adeb02b99a4b5122b30
MD5 hash: 8ef1ec7c742733050958d6aaef5cd4bb
MIME type:application/x-dosexec
Signature Socks5Systemz
File name:Microsoft.Build.Engine.pkgdef
File size:337 bytes
SHA256 hash: 8efd5ef5f14896e5d233e61dcb8f845485de567aaaee02755519e63a1f810450
MD5 hash: 42d76f8a3a32ae0cf759946f4c112020
MIME type:text/plain
Signature Socks5Systemz
File name:qicns.dll
File size:39'280 bytes
SHA256 hash: e665f3519309bae42e0e62f459ecc511701ddddf94599ebfd213d0a71775c462
MD5 hash: 52c6978203ca20beead6e8872e80d39f
MIME type:application/x-dosexec
Signature Socks5Systemz
File name:NuGet.Common.resources.dll
File size:14'712 bytes
SHA256 hash: 917c741df028c017064d376f8824dc146ce2f4e04f637c6e925c80d4bc203ef7
MD5 hash: 5239fef96092edd8d769b8f70ecdcf37
MIME type:application/x-dosexec
Signature Socks5Systemz
File name:VsDevCmd.bat
File size:11'073 bytes
SHA256 hash: 6a92e2763d9f6f64d577b8f41ed309749793bf8be1671b39716b4044bb0d626f
MD5 hash: 9d1633061f6e679121d488351bfa967b
MIME type:text/plain
Signature Socks5Systemz
File name:qjpeg.dll
File size:251'760 bytes
SHA256 hash: 45c1f50c922ac1d9d4108e37f49981fd94f997667e23085cb2ea226d406c5602
MD5 hash: 3232706a63e7cdf217b8ed674179706c
MIME type:application/x-dosexec
Signature Socks5Systemz
File name:qt_he.qm
File size:139'222 bytes
SHA256 hash: d7836f59ef79314db1f4ab6b76abc283ab2b5d4942d2bc129d620e913e294153
MD5 hash: 6f1b2e6e4e6898df7aba717c5eca7fbf
MIME type:application/octet-stream
Signature Socks5Systemz
File name:Launch-VsDevShell.ps1
File size:20'486 bytes
SHA256 hash: 28c3b390557b2cd65db9958faf9b3b21364e09054c2dff4f7a3efb10d93f9296
MD5 hash: 8d9dca101c5c0314069efe44656ec954
MIME type:text/plain
Signature Socks5Systemz
File name:netfxsdk.bat
File size:6'861 bytes
SHA256 hash: 6a10eef69fb78b74ca4bdff565d9241c66eea9edc1f61b69af2cbe6bbad20b5e
MD5 hash: 5a157c7191d5fecd4793ffb6a1780c92
MIME type:text/plain
Signature Socks5Systemz
File name:NuGet.Build.Tasks.resources.dll
File size:15'224 bytes
SHA256 hash: fb4a0fafe856edb46cab6342a6bcae37ce1bacc1de3b56f920edfe30c4caa05d
MD5 hash: b09ec4f1f05752565ed503ec8573b662
MIME type:application/x-dosexec
Signature Socks5Systemz
File name:System.Text.Encodings.Web.pkgdef
File size:341 bytes
SHA256 hash: e355ef1d6e389b5e7fcf9fa297c462bbac816d03e1dbfbba021b47169901ec84
MD5 hash: 1eba4d51e612de2b3545dcba6d65bdfc
MIME type:text/plain
Signature Socks5Systemz
File name:Setup.exe
Pumped file This file is pumped. MalwareBazaar has de-pumped it.
File size:831'000'000 bytes
SHA256 hash: 9c6d924afa3b84241a00762d243b156a2af26374154de67a89cda3e4ef37a2c8
MD5 hash: 882c754fb952c8abb850dc3c11c7fde2
De-pumped file size:4'595'200 bytes (Vs. original size of 831'000'000 bytes)
De-pumped SHA256 hash: 45649f83e5d1e0a332c3f54cde59b359b98c26cc4acbaf62d267e3a2b6e8dc01
De-pumped MD5 hash: 00878a04a4fa5d7b2badd05e26970fb7
MIME type:application/x-dosexec
Signature Socks5Systemz
Vendor Threat Intelligence
Verdict:
Clean
Score:
89.3%
Link:
https://cyber-fortress.com/docs/result/index.php?id=668fcfd750cbfd4734a8ad8ewin10vpnfull_triage
Tags:
n/a
Result
Verdict:
Malicious
File Type:
ZIP File - Malicious
Link:
https://app.docguard.net/ebb59161759ac7e1a5c5b58f4eac53013778d1d39a5be4979c099a80c7f0bc55/results/dashboard
Behaviour
SuspiciousEmbeddedObjects detected
Gathering data
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/ebb59161759ac7e1a5c5b58f4eac53013778d1d39a5be4979c099a80c7f0bc55
Result
Verdict:
MALICIOUS
Link:
https://labs.inquest.net/dfi/sha256/ebb59161759ac7e1a5c5b58f4eac53013778d1d39a5be4979c099a80c7f0bc55
Score:
0%
Verdict:
Benign
File Type:
ARCHIVE
Link:
https://malprob.io/report/ebb59161759ac7e1a5c5b58f4eac53013778d1d39a5be4979c099a80c7f0bc55
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ebb59161759ac7e1a5c5b58f4eac53013778d1d39a5be4979c099a80c7f0bc55/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=5o2zcylvtld6djofwwhu5lctae3xruottjn6jf44bgnibr7qxrkq._file
Result
Malware family:
n/a
Score:
  10/10
Tags:
evasion
Link:
https://tria.ge/reports/240711-ppgp8syepa/
Behaviour
Modifies system certificate store
Suspicious behavior: EnumeratesProcesses
Drops file in System32 directory
Looks up external IP address via web service
Modifies firewall policy service
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/ebb59161759ac7e1a5c5b58f4eac53013778d1d39a5be4979c099a80c7f0bc55

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:NET
Create hunting rule
Author:malware-lu

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Socks5Systemz

zip ebb59161759ac7e1a5c5b58f4eac53013778d1d39a5be4979c099a80c7f0bc55

(this sample)

Vidar

Executable exe e65f08b6749e63fea544cd201161e63abe6925e0e739faddda2bd4af5af56b97

  
Link
https://tria.ge/240711-pb6r7syalh
anyrun
any.run
https://app.any.run/tasks/d53d9e9e-bd1a-4352-9473-0d69a61dc506
  
Delivery method
Distributed via web download
  
Dropping
SHA256 e65f08b6749e63fea544cd201161e63abe6925e0e739faddda2bd4af5af56b97
  
Dropping
MD5 d7a35e65bb9b48b344ee09594ac3193d
  
Dropping
SHA256 89087589cb57d8578d11aade3a2debde6d40dbaafa03a19e3031f8695b7af229
  
Dropping
MD5 36c4fd4f39590016d3e0203cb2e5b259
  
Dropping
SHA256 8345803c6780d770d0ea3df50d6c06d6b1113e7316b3d93dbea7e54a9fdcd58c
  
Dropping
MD5 fe3aade85026dd848fdf2f63952ff734
  
Dropping
SHA256 837340da10b33b25bca1c15db3b273bfde18110b46949e8c545f31756e7b44bd
  
Dropping
MD5 5dcb471423fbb62d7c218760aee4936d
  
Dropping
SHA256 6ab0929361ee1a7fdc900bb0f6e50e999183a7c1aef1f44951b7847e86dfd3bc
  
Dropping
MD5 0b4cc01ce62da8ed72b98a896c11c1dd

Comments