sality | a5638f46f92c86e000212631269541bc91331ccf5f3fe40ee0a5c95714cc859e

Analysis

max time kernel
149s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 21:10

Target

a5638f46f92c86e000212631269541bc91331ccf5f3fe40ee0a5c95714cc859e.exe
Size

1.1MB
MD5

d75185cf153e8a5256769ca08d3dc74e
SHA1

9fede015769c62fe1278a5b5e77ca1edc1ac91af
SHA256

a5638f46f92c86e000212631269541bc91331ccf5f3fe40ee0a5c95714cc859e
SHA512

97cf1a7548cadf1337edb00087141f8b3348a0e83a60db86666068d8096f42a314c99a3f605a18fb3b5a95bcfd7b375b1990e2fce7df2d9f0be88e6102f78b2d
SSDEEP

24576:QjLmmEPVF1rpZyShMTB+5nabmkziwyRTpZnTPe:QjLmztpNG4BapiwyrRTPe

Score

10^/10

sality backdoor upx

Family

sality

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Sality
Sality is backdoor written in C++, first discovered in 2003.
backdoor sality

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
behavioral2/memory/2088-133-0x0000000002560000-0x00000000035EE000-memory.dmp	upx

C:\Users\Admin\AppData\Local\Temp\a5638f46f92c86e000212631269541bc91331ccf5f3fe40ee0a5c95714cc859e.exe
"C:\Users\Admin\AppData\Local\Temp\a5638f46f92c86e000212631269541bc91331ccf5f3fe40ee0a5c95714cc859e.exe"
1⤵
PID:2088

memory/2088-132-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download
memory/2088-133-0x0000000002560000-0x00000000035EE000-memory.dmp

Filesize
16.6MB

Download
memory/2088-134-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download