sality | 4111c6b8daa0a3e0f8e3b77f74299218cf5999f3bc56f66e818b65e3ea7f90c9

Analysis

max time kernel
182s
max time network
193s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 19:05

Target

4111c6b8daa0a3e0f8e3b77f74299218cf5999f3bc56f66e818b65e3ea7f90c9.exe
Size

136KB
MD5

1fb8d13b5168f2eb04c3746e9c401195
SHA1

c97a21f5405079a3fcce8736b10575099a44fb80
SHA256

4111c6b8daa0a3e0f8e3b77f74299218cf5999f3bc56f66e818b65e3ea7f90c9
SHA512

ac54d107905c7b20ebc49ccff1bf71fdc6a71118db9a931ca367f7c52876e8dce1500b037009f13bfb32ff8600fe49f6335756aae5ce252934bc49d7ad76e0f3
SSDEEP

3072:Rjl/oknFJY8olzQYsrWEBnmLGrMjGpKwdB4De:Yt9zyBBnmwMHwr

Score

10^/10

sality backdoor upx

Family

sality

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Sality
Sality is backdoor written in C++, first discovered in 2003.
backdoor sality

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
behavioral2/memory/428-133-0x0000000002390000-0x00000000033C0000-memory.dmp	upx

C:\Users\Admin\AppData\Local\Temp\4111c6b8daa0a3e0f8e3b77f74299218cf5999f3bc56f66e818b65e3ea7f90c9.exe
"C:\Users\Admin\AppData\Local\Temp\4111c6b8daa0a3e0f8e3b77f74299218cf5999f3bc56f66e818b65e3ea7f90c9.exe"
1⤵
PID:428

memory/428-132-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/428-133-0x0000000002390000-0x00000000033C0000-memory.dmp

Filesize
16.2MB

Download
memory/428-134-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download