sality | c7e087a0630c94b08bc5210b7761b11b85517fa5f80088c9c5547afe485b29f2

Analysis

max time kernel
117s
max time network
119s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24/12/2023, 00:51

Target

c7e087a0630c94b08bc5210b7761b11b85517fa5f80088c9c5547afe485b29f2.exe
Size

430KB
MD5

2a1860f0dfba23a39f7ca397623d97b4
SHA1

547d458e1e93f145a79aa4c9e462eb651469d2a2
SHA256

c7e087a0630c94b08bc5210b7761b11b85517fa5f80088c9c5547afe485b29f2
SHA512

13e464623a70665efcc7d87a87e8668f72ca6c9e9647c4480f7915394d8690f098b842a828056c34717ef2b76bf3221ed080bbfdf788c6620c6ba3f9e5d311c6
SSDEEP

12288:oyIcgCzmJcPnoOobJ5+Bec37vtNdRUwVLj:dgCzmJcPnotfW7jtpUwVLj

Score

10^/10

sality backdoor upx

Family

sality

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Sality
Sality is backdoor written in C++, first discovered in 2003.
backdoor sality

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1192-1-0x0000000001E00000-0x0000000002EBA000-memory.dmp	upx

C:\Users\Admin\AppData\Local\Temp\c7e087a0630c94b08bc5210b7761b11b85517fa5f80088c9c5547afe485b29f2.exe
"C:\Users\Admin\AppData\Local\Temp\c7e087a0630c94b08bc5210b7761b11b85517fa5f80088c9c5547afe485b29f2.exe"
1⤵
PID:1192

memory/1192-0-0x0000000000400000-0x000000000046F000-memory.dmp

Filesize
444KB

Download
memory/1192-1-0x0000000001E00000-0x0000000002EBA000-memory.dmp

Filesize
16.7MB

Download
memory/1192-2-0x0000000000400000-0x000000000046F000-memory.dmp

Filesize
444KB

Download