sality | f9f4b5e56c1fb0baba99c6651c8f42ac2419097684c6f6222cbc25f6a3bbb364

Analysis

max time kernel
91s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
06/11/2022, 05:31

Target

f9f4b5e56c1fb0baba99c6651c8f42ac2419097684c6f6222cbc25f6a3bbb364.exe
Size

508KB
MD5

21a60f133303997b6a3a4bf5cf83981c
SHA1

a0ae97fbce6b2b80b7c84cd7fac1f670ecf50353
SHA256

f9f4b5e56c1fb0baba99c6651c8f42ac2419097684c6f6222cbc25f6a3bbb364
SHA512

cc09c2e5b95c74b94ee0da84bb4fe508aad2f5bf4a5980760d16a40f5c191af123962ed2b99cc5be1a233e01c1457fd401a12dabfe6e435e3e503be58897e20a
SSDEEP

12288:e9lsGL5hlfbfwfuRyM3HDvmbilY5FXuklP9QwGOot:eoG93fuwz3HblYbukp9gdt

Score

10^/10

sality backdoor upx

Family

sality

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Sality
Sality is backdoor written in C++, first discovered in 2003.
backdoor sality

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4988-132-0x0000000002310000-0x0000000003340000-memory.dmp	upx

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4988	f9f4b5e56c1fb0baba99c6651c8f42ac2419097684c6f6222cbc25f6a3bbb364.exe

C:\Users\Admin\AppData\Local\Temp\f9f4b5e56c1fb0baba99c6651c8f42ac2419097684c6f6222cbc25f6a3bbb364.exe
"C:\Users\Admin\AppData\Local\Temp\f9f4b5e56c1fb0baba99c6651c8f42ac2419097684c6f6222cbc25f6a3bbb364.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:4988

memory/4988-132-0x0000000002310000-0x0000000003340000-memory.dmp

Filesize
16.2MB

Download
memory/4988-133-0x0000000000400000-0x0000000000483000-memory.dmp

Filesize
524KB

Download