General

  • Target: 2408-1-0x0000000000560000-0x000000000161A000-memory.dmp
  • Size: 16.7MB
  • MD5: de65007ce5fa78fbb6cd3ff5152fd4d4
  • SHA1: 2e2ad21d2e5464339180ed6e3cf6e2290e26c0f2
  • SHA256: fa999dfb72456e69c27ec2feaccffcb6652ac8c0ae25021f54e719fe193b60b9
  • SHA512: cc6128a8f5e4ca7ec53ec5c4d3a962aedb5a5003d26679953d4d2f1cfd65c526d53e76eb039ed6ca7036f7c8d0ee1da4dcf489cf04d629a2bd20310dc1cac6e3
  • SSDEEP: 3072:QBhs0MYCJllXB7eMhXydzN4z8TOVF83U29OoX+Td2p:QBhsX7lXB7e6XmN44TqF8ELoX+Tda

Score
10/10

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Signatures

  • Sality family
  • UPX packed file (1 IoC): Detects executables packed with UPX/modified UPX open source packer.
  • Unsigned PE (1 IoC): Checks for missing Authenticode signature.

Files

  • 2408-1-0x0000000000560000-0x000000000161A000-memory.dmp
    .exe windows:4 windows x86 arch:x86
