Overview

overview

10

Static

static

3

618804306fe03b_JC.exe

windows7-x64

10

618804306fe03b_JC.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    138s
  • max time network
    143s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16/07/2023, 09:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    618804306fe03b_JC.exe

  • Size

    3.9MB

  • MD5

    618804306fe03b3cdc5a46549269a621

  • SHA1

    6e4ff85f477f8a10a5561c5b354b65ad69b61bb3

  • SHA256

    dafcb3831dad1a6df35c933266719e9b07cbb2d3321b7163fcd8137381bcf623

  • SHA512

    052ed60d6cd52fbb33edddaf8883a251f60fa2fbc4b47d5fd86c4421fa894ee9453d41a5e0aa71447ff6657d569ae847213579d29bf975dff0a5669991351d90

  • SSDEEP

    98304:lTrn46UqYXVrcot6bGZH1zQRhZpRh2ApVTL:pQtiP/n

Score
10/10
salitybackdoorupx

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Signatures

  • Sality

    Sality is backdoor written in C++, first discovered in 2003.

    backdoorsality
  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx

Processes

  • C:\Users\Admin\AppData\Local\Temp\618804306fe03b_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\618804306fe03b_JC.exe"
    1⤵
      PID:3168

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/3168-133-0x0000000000400000-0x00000000007F3000-memory.dmp

      Filesize

      3.9MB

      Download

    • memory/3168-134-0x00000000026E0000-0x000000000379A000-memory.dmp

      Filesize

      16.7MB

      Download

    • memory/3168-135-0x0000000000400000-0x00000000007F3000-memory.dmp

      Filesize

      3.9MB

      Download