sality | bc001a052701af344408a6a094590786a0b58494954512b158e16908462a0265

Analysis

max time kernel
139s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
20/07/2024, 03:01

Target

5ec8cfeffe0beaeb3419902dfa28a269_JaffaCakes118.exe
Size

127KB
MD5

5ec8cfeffe0beaeb3419902dfa28a269
SHA1

e896e4490df8e5fb1ce45e863578e82e5533dc8e
SHA256

bc001a052701af344408a6a094590786a0b58494954512b158e16908462a0265
SHA512

21e4230ffb113c009b14e470c0a5922483ed57a6671d7610ad3d6b17cb97ed290430b60291c33264b18cc4a54c2dd209d3cb63a9d13643635f9f625eeee373f8
SSDEEP

3072:Jha78A7ccykfZGWT5bTKifjIKnSgI6zfdOhcVW1emzhRu1E9X:67l7FE+BKi0K5F1OhimzGSX

Score

10^/10

sality backdoor upx

Family

sality

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Sality
Sality is backdoor written in C++, first discovered in 2003.
backdoor sality

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3196-1-0x0000000002340000-0x0000000003373000-memory.dmp	upx

C:\Users\Admin\AppData\Local\Temp\5ec8cfeffe0beaeb3419902dfa28a269_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\5ec8cfeffe0beaeb3419902dfa28a269_JaffaCakes118.exe"
1⤵
PID:3196

memory/3196-0-0x0000000030000000-0x0000000030021000-memory.dmp

Filesize
132KB

Download
memory/3196-2-0x0000000030000000-0x0000000030021000-memory.dmp

Filesize
132KB

Download
memory/3196-1-0x0000000002340000-0x0000000003373000-memory.dmp

Filesize
16.2MB

Download
memory/3196-3-0x0000000002340000-0x0000000003373000-memory.dmp

Filesize
16.2MB

Download