sality | 43aa2433c3d3e589ac6bbce2f1c4eca89ca8851609c490c0a80c73becaede7ab

Analysis

max time kernel
156s
max time network
173s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
02/01/2024, 09:23

Target

43aa2433c3d3e589ac6bbce2f1c4eca89ca8851609c490c0a80c73becaede7ab.exe
Size

1006KB
MD5

6bbbbb370aed7e33176833c567d98563
SHA1

084ff9fe3729dfa0b51d9d1d9ccde2d219feefff
SHA256

43aa2433c3d3e589ac6bbce2f1c4eca89ca8851609c490c0a80c73becaede7ab
SHA512

7931cca88fadc3affd8ca0af0f77ea931945dac25abe9970e57d6d343d049a2ab450d7b9940e46e3bf6cce161b71e9deb0c668b1c1dd913bf3b65676decbcc74
SSDEEP

24576:QyWO3ptgbRrezk/IbtIA42YOQDYx7ZvVcmMtg9+Jahbo:kr3/ei8QD47ZvVH9+Jahbo

Score

10^/10

sality backdoor upx

Family

sality

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Sality
Sality is backdoor written in C++, first discovered in 2003.
backdoor sality

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2552-1-0x00000000008D0000-0x000000000198A000-memory.dmp	upx

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2552	43aa2433c3d3e589ac6bbce2f1c4eca89ca8851609c490c0a80c73becaede7ab.exe
2552	43aa2433c3d3e589ac6bbce2f1c4eca89ca8851609c490c0a80c73becaede7ab.exe

C:\Users\Admin\AppData\Local\Temp\43aa2433c3d3e589ac6bbce2f1c4eca89ca8851609c490c0a80c73becaede7ab.exe
"C:\Users\Admin\AppData\Local\Temp\43aa2433c3d3e589ac6bbce2f1c4eca89ca8851609c490c0a80c73becaede7ab.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:2552

memory/2552-0-0x0000000000400000-0x0000000000500000-memory.dmp

Filesize
1024KB

Download
memory/2552-1-0x00000000008D0000-0x000000000198A000-memory.dmp

Filesize
16.7MB

Download
memory/2552-2-0x0000000000400000-0x0000000000500000-memory.dmp

Filesize
1024KB

Download