socks5systemz | 952-129-0x0000000002A40000-0x0000000002AE4000-memory[.]dmp

General

Target

952-129-0x0000000002A40000-0x0000000002AE4000-memory.dmp
Size

656KB
MD5

3bab611c24a5fea46b46d7eed10a967e
SHA1

3eaec4c124ffbfc5fd0e89df0b172aee559756fd
SHA256

6ab2e9fc8d5129569ee8526bafea203590957145134f867e1b75c66e320c8158
SHA512

c56ed87135ac98634347bb850f41310a3b23f8dde118da7a61758f277826ddf6a384194e304bf2a945e8ff02db2b4d598ad9482fee8321fe7123cfb5f9d69468
SSDEEP

12288:o209irTeBFRpYMbMacs6HnvHbnE51xXXXlg0rqZrZFsBvBMnkh0hlL25JTAGInwd:od9qTeBFRpYMAa8bqXXXlwZNC1izTa5D

Score

10^/10

socks5systemz

Malware Config

Extracted

Family

socks5systemz

C2

51.159.66.125

217.23.6.51

151.80.38.159

217.23.9.168

37.187.122.227

Attributes

rc4_key
heyfg645fdhwi

Signatures

Detect Socks5Systemz Payload 1 IoCs

resource	yara_rule
sample	family_socks5systemz

Socks5systemz family
socks5systemz

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
952-129-0x0000000002A40000-0x0000000002AE4000-memory.dmp

Files

952-129-0x0000000002A40000-0x0000000002AE4000-memory.dmp
.dll windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 187KB - Virtual size: 187KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.vlizer
Size: 360KB - Virtual size: 360KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 187KB - Virtual size: 187KB

.rdata Size: 49KB - Virtual size: 49KB

.data Size: 12KB - Virtual size: 21KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 12KB - Virtual size: 12KB

.vlizer Size: 360KB - Virtual size: 360KB

.text
Size: 187KB - Virtual size: 187KB

.rdata
Size: 49KB - Virtual size: 49KB

.data
Size: 12KB - Virtual size: 21KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 12KB - Virtual size: 12KB

.vlizer
Size: 360KB - Virtual size: 360KB