socks5systemz | NEAS[.]e5315e590f6d50f120eb48c05e60e6b0[.]exe

Resubmissions

25/03/2024, 16:38

240325-t5lrcada84 10

25/03/2024, 16:33

240325-t2pzlafg5z 10

22/01/2024, 11:49

240122-ny1n2afccl 10

06/11/2023, 00:06

231106-ad1xeaeg6v 3

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.e5315e590f6d50f120eb48c05e60e6b0.exe
Size

264KB
MD5

e5315e590f6d50f120eb48c05e60e6b0
SHA1

54c8b16f0cc0ac399959f4b02ded5203947917ee
SHA256

fee88318e738b160cae22f6c0f16c634fd16dbf11b9fb93df5d380b6427ac18f
SHA512

81d32500a3db97002eada8376d487836a3d9ef5a9cc1bee3bb4e3d21af3236c3e40d4a7a891c80b850b170e30968114e5b888ef3bbee43ad2375bdf1b4e438a1
SSDEEP

6144:GLXRX4SZbUt1At1VvxxB30gRDa3CLWl6Xbb08JnjHHBKeG53E/p3/z5nk:uXRX4SZbUt1At1VvxxB30gRDiCLWl6Xc

Score

10^/10

socks5systemz

Malware Config

Extracted

Family

socks5systemz

51.159.66.125

217.23.6.51

151.80.38.159

217.23.9.168

37.187.122.227

http://datasheet.fun/manual/avon_4_2022.pdf?%.8x

Attributes

rc4_key
heyfg645fdhwi

Signatures

Detect Socks5Systemz Payload 1 IoCs

resource	yara_rule
sample	family_socks5systemz

Socks5systemz family
socks5systemz

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.e5315e590f6d50f120eb48c05e60e6b0.exe

Files

NEAS.e5315e590f6d50f120eb48c05e60e6b0.exe
.dll windows:5 windows x86 arch:x86

fc0ac54254150155731e0d0b8545b38f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

InternetCloseHandle
InternetOpenA
InternetSetOptionA
InternetOpenUrlA
InternetReadFile

dnsapi

DnsFree
DnsQuery_A

kernel32

SetFilePointer
TlsGetValue
SetWaitableTimer
InterlockedIncrement
GetQueuedCompletionStatus
InterlockedDecrement
QueryPerformanceCounter
InterlockedCompareExchange
SleepEx
VirtualFree
WriteFile
InitializeCriticalSection
TlsSetValue
GlobalAlloc
CreateFileA
InitializeCriticalSectionAndSpinCount
GetTickCount
GetProcessHeap
HeapAlloc
CreateEventA
GetCurrentProcess
HeapFree
WaitForSingleObject
SetEvent
Sleep
GetSystemTimeAsFileTime
LeaveCriticalSection
ReadFile
CreateFileW
InterlockedExchange
TerminateThread
SetLastError
GetProcAddress
VirtualAlloc
QueueUserAPC
EnterCriticalSection
GlobalFree
InterlockedExchangeAdd
LocalAlloc
PostQueuedCompletionStatus
WaitForMultipleObjects
GetModuleFileNameA
CreateIoCompletionPort
GetModuleHandleA
LoadLibraryExA
lstrcatW
DeleteCriticalSection
GetVersionExA
TlsAlloc
CloseHandle
GetCurrentProcessId
CreateWaitableTimerA
LocalFree
TlsFree
lstrcpyW
CreateThread
FreeLibrary
GetWindowsDirectoryA
LoadLibraryA
DeviceIoControl
GetFileTime
OutputDebugStringW
SetFilePointerEx
HeapReAlloc
SetStdHandle
WriteConsoleW
FlushFileBuffers
SetEndOfFile
GetLastError
VirtualQuery
WideCharToMultiByte
AreFileApisANSI
GetModuleHandleExW
ExitProcess
MultiByteToWideChar
LCMapStringW
GetStringTypeW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetFileType
GetConsoleCP
ReadConsoleW
GetConsoleMode
GetModuleHandleW
GetStartupInfoW
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapSize
GetModuleFileNameW
FormatMessageA
OpenEventA
ReleaseSemaphore
GetCurrentThreadId
ResetEvent
ResumeThread
EncodePointer
DecodePointer
ExitThread
LoadLibraryExW
GetCommandLineA
RaiseException
RtlUnwind
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetStdHandle

user32

wsprintfA

shell32

SHGetSpecialFolderPathW
SHGetSpecialFolderPathA

shlwapi

PathFileExistsW

ws2_32

htonl
getaddrinfo
WSARecv
WSASend
select
WSAGetLastError
htons
ntohs
inet_addr
shutdown
setsockopt
WSACleanup
freeaddrinfo
WSASetLastError
closesocket
getsockopt
WSASocketA
ntohl
WSAStartup
inet_ntoa
connect
WSAStringToAddressA
ioctlsocket
getsockname

Sections

.text
Size: 188KB - Virtual size: 187KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Extracted

Signatures

Files

fc0ac54254150155731e0d0b8545b38f

Headers

DLL Characteristics

File Characteristics

Imports

wininet

dnsapi

kernel32

user32

shell32

shlwapi

ws2_32

Sections

.text Size: 188KB - Virtual size: 187KB

.rdata Size: 49KB - Virtual size: 49KB

.data Size: 12KB - Virtual size: 21KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 12KB - Virtual size: 12KB

.text
Size: 188KB - Virtual size: 187KB

.rdata
Size: 49KB - Virtual size: 49KB

.data
Size: 12KB - Virtual size: 21KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 12KB - Virtual size: 12KB