sality | 1cb25fb148e72360036da71bfddc7327796d7b7ab99c0de1c8734dff1af4d459

Analysis

max time kernel
91s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
30/10/2022, 01:56

Target

1cb25fb148e72360036da71bfddc7327796d7b7ab99c0de1c8734dff1af4d459.exe
Size

213KB
MD5

93d03fde72dba79c8ba8edc50c366bfb
SHA1

c11b0a5c9b385f3eb9f00c93b1a1ec36dfb8a08c
SHA256

1cb25fb148e72360036da71bfddc7327796d7b7ab99c0de1c8734dff1af4d459
SHA512

40ea8ca4eafce2eebac8939c36bfcf6e4f35280c4c3a0b190c794ad7b84fcfda66b5e52569177829c76bb80b070ab3e212ff6df5f8f85790132ef9ca77d7c6c0
SSDEEP

3072:qj5PYCHyo+icbSYleQ+jZqMNDBBLsADP1sxlPxjKkxiGTvFeEa8z:HYyo+icb2vDBBLsATyPhnxiGJq8z

Score

10^/10

sality backdoor upx

Family

sality

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Sality
Sality is backdoor written in C++, first discovered in 2003.
backdoor sality

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4132-133-0x0000000001FC0000-0x000000000304E000-memory.dmp	upx

C:\Users\Admin\AppData\Local\Temp\1cb25fb148e72360036da71bfddc7327796d7b7ab99c0de1c8734dff1af4d459.exe
"C:\Users\Admin\AppData\Local\Temp\1cb25fb148e72360036da71bfddc7327796d7b7ab99c0de1c8734dff1af4d459.exe"
1⤵
PID:4132

memory/4132-132-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4132-133-0x0000000001FC0000-0x000000000304E000-memory.dmp

Filesize
16.6MB

Download
memory/4132-134-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download