sality | aafff55da18047e8cf0cc586c8bd65d7f7e8e3759305ca0674ae2168506c4222

Analysis

max time kernel
91s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
20/10/2022, 11:40

Target

aafff55da18047e8cf0cc586c8bd65d7f7e8e3759305ca0674ae2168506c4222.exe
Size

152KB
MD5

486558340db304ab055deb495241c700
SHA1

0d30180d74371c193f2526b13c86530ce87dc8e0
SHA256

aafff55da18047e8cf0cc586c8bd65d7f7e8e3759305ca0674ae2168506c4222
SHA512

60f3030ee2c588c4a1c177a179ac5cd881bf3d6d74a5d7d3364298a86e9b70a0f9c903e460434709e2946a7e4df3eee07a81e7dce73b1df757a6657a16ccf248
SSDEEP

3072:57a7vlNQRc9dxR+qqWJjyfDYR90JE9ihTrvlPVD1UnZqbOCFvvSqo:57aWcftWf8R9069AP9P7Uhwo

Score

10^/10

sality backdoor upx

Family

sality

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Sality
Sality is backdoor written in C++, first discovered in 2003.
backdoor sality

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4928-133-0x00000000023E0000-0x000000000346E000-memory.dmp	upx

C:\Users\Admin\AppData\Local\Temp\aafff55da18047e8cf0cc586c8bd65d7f7e8e3759305ca0674ae2168506c4222.exe
"C:\Users\Admin\AppData\Local\Temp\aafff55da18047e8cf0cc586c8bd65d7f7e8e3759305ca0674ae2168506c4222.exe"
1⤵
PID:4928

memory/4928-132-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download
memory/4928-133-0x00000000023E0000-0x000000000346E000-memory.dmp

Filesize
16.6MB

Download
memory/4928-134-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download