sality | bfad2b6054e8444b6088f4d9b470bc0ed8751f914166c0a19c9e8c77e857703b

Analysis

max time kernel
61s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
21/11/2022, 08:30

Target

bfad2b6054e8444b6088f4d9b470bc0ed8751f914166c0a19c9e8c77e857703b.exe
Size

320KB
MD5

112b1c6a70b4709f27cdf33392ed380d
SHA1

fee32e7d06fd09492ed48662b23c1069b1570c27
SHA256

bfad2b6054e8444b6088f4d9b470bc0ed8751f914166c0a19c9e8c77e857703b
SHA512

65a43ee3abf62685efc82a3ad12219d750e314fa88f499793f1ab2556e1d19ee0d2fc43a4a6b9888a25e28f9ae32bc7afd6bf0e89dd4232613cbf1012175bcae
SSDEEP

6144:ngPPQtCzpn0L46e9CLjX6miWTBPXARC0+6fO95/kH7pbHfLUg5LsJOeH+:ngPP6ChP6e9qjliWTpXAHQ8H75Has

Score

10^/10

sality backdoor upx

Family

sality

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Sality
Sality is backdoor written in C++, first discovered in 2003.
backdoor sality

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3248-133-0x00000000023C0000-0x000000000347A000-memory.dmp	upx

C:\Users\Admin\AppData\Local\Temp\bfad2b6054e8444b6088f4d9b470bc0ed8751f914166c0a19c9e8c77e857703b.exe
"C:\Users\Admin\AppData\Local\Temp\bfad2b6054e8444b6088f4d9b470bc0ed8751f914166c0a19c9e8c77e857703b.exe"
1⤵
PID:3248

memory/3248-132-0x0000000000400000-0x0000000000451000-memory.dmp

Filesize
324KB

Download
memory/3248-133-0x00000000023C0000-0x000000000347A000-memory.dmp

Filesize
16.7MB

Download
memory/3248-134-0x0000000000400000-0x0000000000451000-memory.dmp

Filesize
324KB

Download