MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f95e2ed824d17844bbe1277cf764fbc769bcccd8d38cda03ca30f4c7b98eedbd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Socks5Systemz

Vendor detections: 10

SHA256 hash: f95e2ed824d17844bbe1277cf764fbc769bcccd8d38cda03ca30f4c7b98eedbd
SHA3-384 hash: 0d2ad6e8493fca7aa62467c51b1286646f6ed832e8ec774c141f4fa0c1d2ca494b799d245c69e167cc61e0cf56adcfa9
SHA1 hash: 1a3445e369fd8821c8c7f98dbe854ea041ca8c72
MD5 hash: 8c8d67886630409bdb18df91a33d88b3
humanhash: neptune-pennsylvania-five-pennsylvania
File name: file
Signature: Socks5Systemz
File size: 7'054'359 bytes
First seen: 2023-12-21 16:21:29 UTC
Last seen: 2023-12-21 18:19:15 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 884310b1928934402ea6fec1dbd3cf5e (3'725 x GCleaner, 3'453 x Socks5Systemz, 262 x RaccoonStealer)
ssdeep: 98304:I4bl3vfxBteThymDliVPPcm/HeX6WtEcPzInANypjjfZNlR1KDUPdOU/TENGWUwH:zh7teThPZidcKj8fPz6+4jb1KswNdDJF
Threatray: 3'727 similar samples on MalwareBazaar
TLSH: T1EA663392876B9A39C13BACB94720C36B41CE7B6F54FD6A23F99D32F9103F245A101365
TrID:
  76.2% (.EXE) Inno Setup installer (107240/4/30)
  10.0% (.EXE) Win32 Executable Delphi generic (14182/79/4)
  4.6% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
  3.2% (.EXE) Win32 Executable (generic) (4505/5/1)
  1.4% (.EXE) Win16/32 Executable Delphi generic (2072/23)
dhash icon: b298acbab2ca7a72 (2'327 x GCleaner, 1'631 x Socks5Systemz, 67 x RedLineStealer)
Reporter: andretavare5
Tags: exe Socks5Systemz


andretavare5
Sample downloaded from http://zen.topteamlife.com/order/adobe.exe

Intelligence


File Origin
# of uploads: 2
# of downloads: 297
Origin country: US
Vendor Threat Intelligence
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: control installer lolbin overlay packed shell32
Result
Verdict: MALICIOUS
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Petite Virus, Socks5Systemz
Detection: malicious
Classification: troj.evad
Score: 100 / 100
Signature
Antivirus / Scanner detection for submitted sample
Contains functionality to infect the boot sector
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found API chain indicative of debugger detection
Multi AV Scanner detection for submitted file
PE file has nameless sections
Snort IDS alert for network traffic
Yara detected Petite Virus
Yara detected Socks5Systemz
Behaviour
Behavior Graph ID: 1365665
Sample: file.exe
Start date: 21/12/2023
Architecture: WINDOWS
Score: 100
Top signatures: Snort IDS alert for network traffic; Antivirus / Scanner detection for submitted sample; Multi AV Scanner detection for submitted file; 7 other signatures
Process tree (from the behavior graph):
  file.exe (started)
    dropped: C:\Users\user\AppData\Local\Temp\...\file.tmp (PE32)
    file.tmp (started)
      dropped: C:\Program Files (x86)\...\rbuttontray.exe (PE32)
      dropped: C:\Program Files (x86)\...\is-EH827.tmp (PE32)
      dropped: C:\Program Files (x86)\...\is-BASB6.tmp (PE32)
      dropped: 99 other files (none is malicious)
      rbuttontray.exe (started)
        network: dddxeal.info 185.196.8.22, 49738, 49741, 49742 (SIMPLECARRER2IT, Switzerland)
        network: 95.216.227.177, 2023, 49739, 49740 (HETZNER-ASDE, Germany)
      rbuttontray.exe (started)
        dropped: C:\ProgramData\PDiskSnap76\PDiskSnap76.exe (PE32)
        WerFault.exe (started)
        WerFault.exe (started)
  svchost.exe (started)
    WerFault.exe (started)
    WerFault.exe (started)
Result
Malware family: n/a
Score: 7/10
Tags: discovery
Behaviour
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Program crash
Drops file in Program Files directory
Checks installed software on the system
Executes dropped EXE
Loads dropped DLL
Unexpected DNS network traffic destination
Unpacked files
SHA256 hash: 1d2973a2f7875c8f4a1833276a7c7d2cd297b7da9cf5f2c8f79541016dbbcc90
MD5 hash: c7890529841e1f3ab4da69d31d20a3b8
SHA1 hash: d75d52cb54f30db348f915b8849badd757494c5d

SHA256 hash: 074d8a8e57bd0c65e38b2b33a2b0dfac7ebc203c62d69aba25816b3b1b5a6a6e
MD5 hash: a4981bbe09d501759fa80a250bac0c5c
SHA1 hash: dfecaf6828dba02680d6dc24d29be88bb8031785

SHA256 hash: 323f555793af5bb8c5cae0e655fa2104c638c9bea480f52261ee2e0501476561
MD5 hash: a4a65b014344fcce064412bc59ff6881
SHA1 hash: 9c35f49f2c6b11fe35d5428e5cef7cc4409b453c

SHA256 hash: f95e2ed824d17844bbe1277cf764fbc769bcccd8d38cda03ca30f4c7b98eedbd
MD5 hash: 8c8d67886630409bdb18df91a33d88b3
SHA1 hash: 1a3445e369fd8821c8c7f98dbe854ea041ca8c72
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Dropped by: PrivateLoader
Delivery method: Distributed via drive-by

Comments