sality | ced3d0eece2c05d205f3581e93fa07e8278823ffbb9ec6153077871db5a08289

Analysis

max time kernel
141s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 18:49

Target

ced3d0eece2c05d205f3581e93fa07e8278823ffbb9ec6153077871db5a08289.exe
Size

150KB
MD5

4cf02fb73541bf08d78a5e912bb8b930
SHA1

495d67cb3c9a77621537730d1e19376d81f4ff63
SHA256

ced3d0eece2c05d205f3581e93fa07e8278823ffbb9ec6153077871db5a08289
SHA512

a098008b3ef10002dbdbb38251cd0596daa013af94f1007a7f85d9332eaae569932e501fa26bec173961cf5f799fab591500d0508a7c5469c8ff53619e1a29d5
SSDEEP

3072:m6yvmyS5ZmFrFxJw++dAvjKENQxoQtQP5mXG:smudpwTAvmENQxfM5m2

Score

10^/10

sality backdoor upx

Family

sality

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Sality
Sality is backdoor written in C++, first discovered in 2003.
backdoor sality

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
behavioral2/memory/2088-133-0x00000000022F0000-0x000000000337E000-memory.dmp	upx

C:\Users\Admin\AppData\Local\Temp\ced3d0eece2c05d205f3581e93fa07e8278823ffbb9ec6153077871db5a08289.exe
"C:\Users\Admin\AppData\Local\Temp\ced3d0eece2c05d205f3581e93fa07e8278823ffbb9ec6153077871db5a08289.exe"
1⤵
PID:2088

memory/2088-132-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2088-134-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2088-133-0x00000000022F0000-0x000000000337E000-memory.dmp

Filesize
16.6MB

Download