sality | 47b3496333c595e4bfa5a1240f403b58178069e8465a6a4f79e0f015cf330578

Analysis

max time kernel
120s
max time network
123s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
28/10/2023, 18:04

Target

NEAS.251d1b75203ea34e2f63e980d99aeb40.exe
Size

165KB
MD5

251d1b75203ea34e2f63e980d99aeb40
SHA1

3fea065779dbe1289b936a338efa3fe55d01494b
SHA256

47b3496333c595e4bfa5a1240f403b58178069e8465a6a4f79e0f015cf330578
SHA512

4bd9786b179c9ae1c606e7866fc9474759b4669de52511fb3f830ce7da7ae93a134cc2e77c03674f32a8cb94ae9bc54b1c35365eec4f6c351b9e99cec3ee016f
SSDEEP

3072:/jCKMPKZ293YOb9tfVCRd2hl6EtNfMezu06C6QgSH06WLl+EzjB:/jC7PKwpYObj8H2OEfVtdZHkl/B

Score

10^/10

sality backdoor upx

Family

sality

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Sality
Sality is backdoor written in C++, first discovered in 2003.
backdoor sality

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1236-2-0x0000000001DA0000-0x0000000002E5A000-memory.dmp	upx

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1236	NEAS.251d1b75203ea34e2f63e980d99aeb40.exe
1236	NEAS.251d1b75203ea34e2f63e980d99aeb40.exe

C:\Users\Admin\AppData\Local\Temp\NEAS.251d1b75203ea34e2f63e980d99aeb40.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.251d1b75203ea34e2f63e980d99aeb40.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1236

memory/1236-0-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1236-2-0x0000000001DA0000-0x0000000002E5A000-memory.dmp

Filesize
16.7MB

Download
memory/1236-3-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download