sality | fe20a40bf4fdfd7850359c8e739c85a3f3593aa327a7de32a6c8565599f9d5c8

Analysis

max time kernel
61s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
14/10/2022, 11:16

Target

fe20a40bf4fdfd7850359c8e739c85a3f3593aa327a7de32a6c8565599f9d5c8.exe
Size

489KB
MD5

64ff7dd2191685377404ea8aead39f60
SHA1

fb5df56b6ed5d2d30b647ff070f9d8a571c197fc
SHA256

fe20a40bf4fdfd7850359c8e739c85a3f3593aa327a7de32a6c8565599f9d5c8
SHA512

6639c296bb2929917725383f6c531b49692b3ebe18c1845ca91acd4f4b6eb997db09827f14ccb772ab12d1d945f8ab311c491a56c626c101f602eaa83401c462
SSDEEP

12288:h4w/Oi8kB755gRxzyBjfKk7qMXGiuYV36FA7Igauw:hHvzgfyByM2iPVeAEgauw

Score

10^/10

sality backdoor upx

Family

sality

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Sality
Sality is backdoor written in C++, first discovered in 2003.
backdoor sality

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4288-133-0x0000000002400000-0x000000000348E000-memory.dmp	upx

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4288	fe20a40bf4fdfd7850359c8e739c85a3f3593aa327a7de32a6c8565599f9d5c8.exe

C:\Users\Admin\AppData\Local\Temp\fe20a40bf4fdfd7850359c8e739c85a3f3593aa327a7de32a6c8565599f9d5c8.exe
"C:\Users\Admin\AppData\Local\Temp\fe20a40bf4fdfd7850359c8e739c85a3f3593aa327a7de32a6c8565599f9d5c8.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:4288

memory/4288-132-0x0000000000400000-0x000000000047F000-memory.dmp

Filesize
508KB

Download
memory/4288-133-0x0000000002400000-0x000000000348E000-memory.dmp

Filesize
16.6MB

Download
memory/4288-134-0x0000000000400000-0x000000000047F000-memory.dmp

Filesize
508KB

Download