sality | 236f8a5a81170d48250a0afbd0ad6c54ffc9da7453a20fee828d5f230991a5f2

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
21/11/2022, 09:01

Target

236f8a5a81170d48250a0afbd0ad6c54ffc9da7453a20fee828d5f230991a5f2.exe
Size

308KB
MD5

21446396d0ea3a39861dcceb5630e410
SHA1

5c90b0c917579b0dbdc61324ba246254242b7529
SHA256

236f8a5a81170d48250a0afbd0ad6c54ffc9da7453a20fee828d5f230991a5f2
SHA512

28852c319a3c9cdb700f5f3016d70536aaf78940542d891d0ce4aad47d16b1f9645dbac60bcf11d52671cee0a6e7a047a2620ac7113bf3fe4619789211cb10e7
SSDEEP

6144:oO3OBhQ9TdoxVICgb5cNzNDRi2GD2+8ZExXHFr:4hYBoM25NDRqD2ZZmVr

Score

10^/10

sality backdoor upx

Family

sality

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Sality
Sality is backdoor written in C++, first discovered in 2003.
backdoor sality

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2424-133-0x0000000002380000-0x000000000340E000-memory.dmp	upx

C:\Users\Admin\AppData\Local\Temp\236f8a5a81170d48250a0afbd0ad6c54ffc9da7453a20fee828d5f230991a5f2.exe
"C:\Users\Admin\AppData\Local\Temp\236f8a5a81170d48250a0afbd0ad6c54ffc9da7453a20fee828d5f230991a5f2.exe"
1⤵
PID:2424

memory/2424-132-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/2424-133-0x0000000002380000-0x000000000340E000-memory.dmp

Filesize
16.6MB

Download
memory/2424-134-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download