sality | fffd8bd79c78c65b481ca9d013e250431e412c5d527e26d464befb4b2d2479cf

Analysis

max time kernel
27s
max time network
41s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
14-10-2022 11:16

Target

fffd8bd79c78c65b481ca9d013e250431e412c5d527e26d464befb4b2d2479cf.exe
Size

112KB
MD5

73c60143804d379526be7fad06fa6f2d
SHA1

c01806dc5be8305945a2441be87bd3c92d29042a
SHA256

fffd8bd79c78c65b481ca9d013e250431e412c5d527e26d464befb4b2d2479cf
SHA512

b7a1be8ab8a6c910f24e884bd21515a9934099e9050273482a97cf21c6d9eafef192359e624ee9fa96a8099e1623561632ae79bc745da8e9f1e1d4c323fb6a13
SSDEEP

1536:X/XOq1IMgZomS878feVIwM4kWzrr40ikX7AYaFlGQHidCO9uZxAZCAkqq4BQduxz:XbOomS+8fOd42M/kdv1CUbnNBfge

Score

10^/10

sality backdoor upx

Family

sality

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Sality
Sality is backdoor written in C++, first discovered in 2003.
backdoor sality

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/748-55-0x0000000001F10000-0x0000000002F9E000-memory.dmp	upx

C:\Users\Admin\AppData\Local\Temp\fffd8bd79c78c65b481ca9d013e250431e412c5d527e26d464befb4b2d2479cf.exe
"C:\Users\Admin\AppData\Local\Temp\fffd8bd79c78c65b481ca9d013e250431e412c5d527e26d464befb4b2d2479cf.exe"
1⤵
PID:748

memory/748-54-0x0000000074FB1000-0x0000000074FB3000-memory.dmp

Filesize
8KB

Download
memory/748-55-0x0000000001F10000-0x0000000002F9E000-memory.dmp

Filesize
16.6MB

Download
memory/748-56-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/748-57-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download