sality | 2cf4de017786fa1a7fbd945e50ed5bb92137f3b7b5dfca444aba8c1577acdbe8

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
05/04/2024, 21:58

Target

2cf4de017786fa1a7fbd945e50ed5bb92137f3b7b5dfca444aba8c1577acdbe8.exe
Size

2.1MB
MD5

ce54ea772c1f2ae1d8db8e1727117b7e
SHA1

2754b5b00c27576a897fe749118205a785fd0148
SHA256

2cf4de017786fa1a7fbd945e50ed5bb92137f3b7b5dfca444aba8c1577acdbe8
SHA512

4140fe83304fa8c6e8a2b5c0ac5c1228b19996d7b90d634da82b9bec06fba0603850a2cf704df024cec977b1ac80dd58837525e3dc26723577c1031880c5425d
SSDEEP

49152:rsP/IX4iNz27CCypXC8Jgx3x+D0vA6Nhz/l+4Qf7CYtDUfffH+IOKSv:839eJpS3X+D0vA6NhB+4Qf7Jt4vH+7Hv

Score

10^/10

sality backdoor upx

Family

sality

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Sality
Sality is backdoor written in C++, first discovered in 2003.
backdoor sality

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/220-0-0x0000000000400000-0x00000000009AE000-memory.dmp	upx
behavioral2/memory/220-2-0x0000000000400000-0x00000000009AE000-memory.dmp	upx
behavioral2/memory/220-1-0x00000000027D0000-0x000000000388A000-memory.dmp	upx

C:\Users\Admin\AppData\Local\Temp\2cf4de017786fa1a7fbd945e50ed5bb92137f3b7b5dfca444aba8c1577acdbe8.exe
"C:\Users\Admin\AppData\Local\Temp\2cf4de017786fa1a7fbd945e50ed5bb92137f3b7b5dfca444aba8c1577acdbe8.exe"
1⤵
PID:220

memory/220-0-0x0000000000400000-0x00000000009AE000-memory.dmp

Filesize
5.7MB

Download
memory/220-2-0x0000000000400000-0x00000000009AE000-memory.dmp

Filesize
5.7MB

Download
memory/220-1-0x00000000027D0000-0x000000000388A000-memory.dmp

Filesize
16.7MB

Download