sality | 3af40045a63825439cc774faa439db9e48253a0d6f8ff9b90db5965522907e39

Analysis

max time kernel
143s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26-01-2024 23:47

Target

78b6949a673651ca5fd257a37d16cbcc.exe
Size

115KB
MD5

78b6949a673651ca5fd257a37d16cbcc
SHA1

dd2112cf136c071d5ce65023b7d46c8ce2ae7f59
SHA256

3af40045a63825439cc774faa439db9e48253a0d6f8ff9b90db5965522907e39
SHA512

62192fd122dab9da9f8a8de3ab148902b7585168d6683ca4d5a006006fc3e846d772196cc18eb957fd5eca8470a5b60302e1fe20e7f784ca0298e9d9cba2f2e2
SSDEEP

3072:sF38MJS5sCACfqxj062rzp9MiA27Ol3OwCnE+3D:GsMJ2ACiRYnIiH7CO/EgD

Score

10^/10

sality backdoor upx

Family

sality

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Sality
Sality is backdoor written in C++, first discovered in 2003.
backdoor sality

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1016-1-0x0000000002410000-0x000000000349E000-memory.dmp	upx

C:\Users\Admin\AppData\Local\Temp\78b6949a673651ca5fd257a37d16cbcc.exe
"C:\Users\Admin\AppData\Local\Temp\78b6949a673651ca5fd257a37d16cbcc.exe"
1⤵
PID:1016

memory/1016-0-0x0000000000400000-0x0000000000496000-memory.dmp

Filesize
600KB

Download
memory/1016-1-0x0000000002410000-0x000000000349E000-memory.dmp

Filesize
16.6MB

Download
memory/1016-2-0x0000000000400000-0x0000000000496000-memory.dmp

Filesize
600KB

Download
memory/1016-3-0x0000000002410000-0x000000000349E000-memory.dmp

Filesize
16.6MB

Download