sality | f77126fc31e9c6ee13536bc37b914b53804bdaccd591ca425b8ddbf9bdcde1bc

Analysis

max time kernel
117s
max time network
143s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
01/11/2023, 14:08

Target

NEAS.505408c2b381f6f951e034e46e8c21d0.exe
Size

417KB
MD5

505408c2b381f6f951e034e46e8c21d0
SHA1

2d843b712fa708b39f54aa1813b38907dca18b7a
SHA256

f77126fc31e9c6ee13536bc37b914b53804bdaccd591ca425b8ddbf9bdcde1bc
SHA512

eb7795e1b1c4cd249e5bff2da5ecbe9ad5819a15ee3dc1bba1a4da298ecb57242c112bfed2ba70ba16c872201d54a8ac96a98f68ee83fa5e4d2c145335208f7a
SSDEEP

6144:xWb6GdYJGY1CLKd6Gr5GZH8XL7k19X0eTLE9AIHR1y9X9b7XvhyD+1zAjagpCo:xWbvhLq6yaH8X3k1liabdyDWkjaIT

Score

10^/10

sality backdoor upx

Family

sality

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

http://klkjwre77638dfqwieuoi888.info/

Sality
Sality is backdoor written in C++, first discovered in 2003.
backdoor sality

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2464-1-0x00000000026D0000-0x000000000375E000-memory.dmp	upx

Suspicious behavior: EnumeratesProcesses 3 IoCs

C:\Users\Admin\AppData\Local\Temp\NEAS.505408c2b381f6f951e034e46e8c21d0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.505408c2b381f6f951e034e46e8c21d0.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:2464

memory/2464-0-0x0000000001260000-0x00000000012CD000-memory.dmp

Filesize
436KB

Download
memory/2464-3-0x0000000001260000-0x00000000012CD000-memory.dmp

Filesize
436KB

Download
memory/2464-1-0x00000000026D0000-0x000000000375E000-memory.dmp

Filesize
16.6MB

Download