sality | 0ad6c0a9e6e9d363a1731a7b7c5449d99f90be94e074d9b542a0b2f1ff13f4ae

Analysis

max time kernel
161s
max time network
210s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03/10/2022, 04:26

Target

0ad6c0a9e6e9d363a1731a7b7c5449d99f90be94e074d9b542a0b2f1ff13f4ae.exe
Size

196KB
MD5

4172c0838887194d5507344221f81abc
SHA1

79ba7c26f818f998a75acf0499dbde08d4f107cb
SHA256

0ad6c0a9e6e9d363a1731a7b7c5449d99f90be94e074d9b542a0b2f1ff13f4ae
SHA512

f6684e63a321d975486f6e70afa0bc90a2a44c16de5a6b8c8dfece336e6de6aa5a83219619ade2effc4b19b9a43286bb4981ce1150282045804bd7d2bdae7519
SSDEEP

3072:3KEb1edk0bT5ni+lRd4ESGf4Fv5NR2OnCW8DCUck/CJcd+F9UK/r1F2aTwXZg0bc:3KEbZyNi+R0quc4ut+Qnbw9PvD

Score

10^/10

sality backdoor upx

Family

sality

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Sality
Sality is backdoor written in C++, first discovered in 2003.
backdoor sality

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4112-133-0x0000000002210000-0x00000000032CA000-memory.dmp	upx

C:\Users\Admin\AppData\Local\Temp\0ad6c0a9e6e9d363a1731a7b7c5449d99f90be94e074d9b542a0b2f1ff13f4ae.exe
"C:\Users\Admin\AppData\Local\Temp\0ad6c0a9e6e9d363a1731a7b7c5449d99f90be94e074d9b542a0b2f1ff13f4ae.exe"
1⤵
PID:4112

memory/4112-132-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/4112-134-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/4112-133-0x0000000002210000-0x00000000032CA000-memory.dmp

Filesize
16.7MB

Download