sality | c2647eea57be062bd8fcaec958af1772eda334ac3d75e468444e8b520085d141

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
15-12-2024 17:50

Target

2024-12-15_c1390d1f1d2b9be55149385a01c8eec4_bkransomware.exe
Size

272KB
MD5

c1390d1f1d2b9be55149385a01c8eec4
SHA1

ba56c1ecc8b5b32eb3ebaf5f411a25792134404d
SHA256

c2647eea57be062bd8fcaec958af1772eda334ac3d75e468444e8b520085d141
SHA512

e83fa1f0d536159d8d4578a8abb38ff7106765804a1ea2484699cc8296fba0eab9b308badb0a7ca66e13b089d02301e08884d0e7a57e490a429e309f34964f44
SSDEEP

6144:IX986RB2pXn2mvbkGSYUT/HcRh/E9b/7Skbdem:0z2cmvWTvcIbOkbdB

Score

10^/10

sality backdoor upx

Family

sality

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Sality
Sality is backdoor written in C++, first discovered in 2003.
backdoor sality
Sality family
sality

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2172-3-0x0000000001EE0000-0x0000000002F9A000-memory.dmp	upx

C:\Users\Admin\AppData\Local\Temp\2024-12-15_c1390d1f1d2b9be55149385a01c8eec4_bkransomware.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-15_c1390d1f1d2b9be55149385a01c8eec4_bkransomware.exe"
1⤵
PID:2172

memory/2172-0-0x0000000000400000-0x0000000000449000-memory.dmp

Filesize
292KB

Download
memory/2172-3-0x0000000001EE0000-0x0000000002F9A000-memory.dmp

Filesize
16.7MB

Download
memory/2172-2-0x0000000000400000-0x0000000000449000-memory.dmp

Filesize
292KB

Download
memory/2172-4-0x0000000001EE0000-0x0000000002F9A000-memory.dmp

Filesize
16.7MB

Download