sality | 83870a2489a02157b3d337b703e2d71b950522d3ea5ae7844a0618bb5035cf52

Analysis

max time kernel
142s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231025-en
resource tags

arch:x64arch:x86image:win10v2004-20231025-enlocale:en-usos:windows10-2004-x64system
submitted
21/11/2023, 00:05

Target

83870a2489a02157b3d337b703e2d71b950522d3ea5ae7844a0618bb5035cf52.exe
Size

1.1MB
MD5

838f22b69e2364bf470ff4ede5cdf4ec
SHA1

d9132ea69f08f2935bcb6d044057d3032722552d
SHA256

83870a2489a02157b3d337b703e2d71b950522d3ea5ae7844a0618bb5035cf52
SHA512

df5037461cfac1a7324d59922bd8b5a87f9d24cb9875e2b46bfff41f0f5acef002e1523a4b2775624f839e885e73d6727c65b676ec04510ba1b14a39e3514d90
SSDEEP

24576:1WmrmEGqqb5DtBum2mqm1EIVMgqG5GSo36c:1rGqqbovX3xB

Score

10^/10

sality backdoor upx

Family

sality

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Sality
Sality is backdoor written in C++, first discovered in 2003.
backdoor sality

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3892-1-0x0000000002D90000-0x0000000003E4A000-memory.dmp	upx

C:\Users\Admin\AppData\Local\Temp\83870a2489a02157b3d337b703e2d71b950522d3ea5ae7844a0618bb5035cf52.exe
"C:\Users\Admin\AppData\Local\Temp\83870a2489a02157b3d337b703e2d71b950522d3ea5ae7844a0618bb5035cf52.exe"
1⤵
PID:3892

memory/3892-0-0x0000000000400000-0x0000000000527000-memory.dmp

Filesize
1.2MB

Download
memory/3892-1-0x0000000002D90000-0x0000000003E4A000-memory.dmp

Filesize
16.7MB

Download
memory/3892-2-0x0000000000400000-0x0000000000527000-memory.dmp

Filesize
1.2MB

Download