sality | f0d5018f2cec5cb2d180da73184a87c7520e023c8742b4d719760ec9643d6c46

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
12/03/2024, 17:57

Target

f0d5018f2cec5cb2d180da73184a87c7520e023c8742b4d719760ec9643d6c46.exe
Size

1.3MB
MD5

853ddff4e12a4222714853f79340cea2
SHA1

603bd0d26137803ee29ed21ccea5d845fbbd4d1a
SHA256

f0d5018f2cec5cb2d180da73184a87c7520e023c8742b4d719760ec9643d6c46
SHA512

d248afb3c6c55d85768b4a69e60151a02daf1b0d014ed81c5ce63b5e5168f1c560a0a06492181d001cae5165a53c0f49907605f78ee434315b619b447f0b148d
SSDEEP

24576:V/CxhQi+gdzHd4E7yqPlEM5rvCau8l/b0F/WWBSm7xZEQc2hBjofRxi:podPyUlEIrqau8l/b0Fulm7xZxrkfRM

Score

10^/10

sality backdoor upx

Family

sality

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Sality
Sality is backdoor written in C++, first discovered in 2003.
backdoor sality

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2872-3-0x0000000001EA0000-0x0000000002F5A000-memory.dmp	upx
behavioral1/memory/2872-4-0x0000000001EA0000-0x0000000002F5A000-memory.dmp	upx

C:\Users\Admin\AppData\Local\Temp\f0d5018f2cec5cb2d180da73184a87c7520e023c8742b4d719760ec9643d6c46.exe
"C:\Users\Admin\AppData\Local\Temp\f0d5018f2cec5cb2d180da73184a87c7520e023c8742b4d719760ec9643d6c46.exe"
1⤵
PID:2872

memory/2872-0-0x0000000000400000-0x0000000000569000-memory.dmp

Filesize
1.4MB

Download
memory/2872-3-0x0000000001EA0000-0x0000000002F5A000-memory.dmp

Filesize
16.7MB

Download
memory/2872-2-0x0000000000400000-0x0000000000569000-memory.dmp

Filesize
1.4MB

Download
memory/2872-4-0x0000000001EA0000-0x0000000002F5A000-memory.dmp

Filesize
16.7MB

Download