sality | c0027e37966a83e6e0a3ed0adfc11f4f1d5d08aac37c4d243c4125a77a5b53f5

Analysis

max time kernel
160s
max time network
179s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 21:13

Target

c0027e37966a83e6e0a3ed0adfc11f4f1d5d08aac37c4d243c4125a77a5b53f5.exe
Size

279KB
MD5

e19f6b7ed093ba736f55932103fc6e65
SHA1

79f0eb2887e9d8fa465c412c8ae7c03a35a67af0
SHA256

c0027e37966a83e6e0a3ed0adfc11f4f1d5d08aac37c4d243c4125a77a5b53f5
SHA512

3462af632cfafdc51f98e672d8d4d6abe06d82872b412447e6e133e1f18c23dc814e5523168409900fd25189a9ad2f45bc6389a0db92d6064f4130ef69326206
SSDEEP

3072:hxCbM0MxV3qF3XSEyG+LbEpayP6K7U22s5iPoc/g5WqOtGbF7Tv7fwsjya:mY00oHSEWGPtQ1oc/XTGlTvcsH

Score

10^/10

sality backdoor upx

Family

sality

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Sality
Sality is backdoor written in C++, first discovered in 2003.
backdoor sality

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
behavioral2/memory/320-132-0x0000000002350000-0x0000000003383000-memory.dmp	upx

C:\Users\Admin\AppData\Local\Temp\c0027e37966a83e6e0a3ed0adfc11f4f1d5d08aac37c4d243c4125a77a5b53f5.exe
"C:\Users\Admin\AppData\Local\Temp\c0027e37966a83e6e0a3ed0adfc11f4f1d5d08aac37c4d243c4125a77a5b53f5.exe"
1⤵
PID:320

memory/320-132-0x0000000002350000-0x0000000003383000-memory.dmp

Filesize
16.2MB

Download
memory/320-133-0x0000000000400000-0x0000000000447000-memory.dmp

Filesize
284KB

Download