hellokitty | fa722d0667418d68c4935e1461010a8f730f02fa1f595ee68bd0768fd5d1f8bb

General

Target

fa722d0667418d68c4935e1461010a8f730f02fa1f595ee68bd0768fd5d1f8bb
Size

157KB
Sample

210209-36824yd1l2
MD5

85cd7c6931b44a14f4899dfd0039e8b4
SHA1

5822f65dec879ba585112976a632b2c4435abf90
SHA256

fa722d0667418d68c4935e1461010a8f730f02fa1f595ee68bd0768fd5d1f8bb
SHA512

9a8173eb7f08c1c9e2c9b66b2866c08a5e97bc16ceb3644a55cc9da17dec1b9941f0e30c23994952d31b3b60911d13e7cc20810ecada35cdca4bff72ccad5a15

Score

10^/10

hellokitty ransomware

Malware Config

Extracted

Path

C:\Documents and Settings\read_me_lkd.txt

Ransom Note

Hello dear user. Your files have been encrypted. -- What does it mean?! Content of your files have been modified. Without special key you can't undo that operation. -- How to get special key? If you want to get it, you must pay us some money and we will help you. We will give you special decryption program and instructions. -- Ok, how i can pay you? 1) Download TOR browser, if you don't know how to do it you can google it. 2) Open this website in tor browser: http://6x7dp6h3w6q3ugjv4yv5gycj3femb24kysgry5b44hhgfwc5ml5qrdad.onion/d87c3f9baf85b2e9ab2a824bb78868294e19992e2e26b54f248abfa73c42a7c0 3) Follow instructions in chat.

URLs

http://6x7dp6h3w6q3ugjv4yv5gycj3femb24kysgry5b44hhgfwc5ml5qrdad.onion/d87c3f9baf85b2e9ab2a824bb78868294e19992e2e26b54f248abfa73c42a7c0

Targets

- Target
  
  fa722d0667418d68c4935e1461010a8f730f02fa1f595ee68bd0768fd5d1f8bb
- Size
  
  157KB
- MD5
  
  85cd7c6931b44a14f4899dfd0039e8b4
- SHA1
  
  5822f65dec879ba585112976a632b2c4435abf90
- SHA256
  
  fa722d0667418d68c4935e1461010a8f730f02fa1f595ee68bd0768fd5d1f8bb
- SHA512
  
  9a8173eb7f08c1c9e2c9b66b2866c08a5e97bc16ceb3644a55cc9da17dec1b9941f0e30c23994952d31b3b60911d13e7cc20810ecada35cdca4bff72ccad5a15
Score

10^/10

hellokitty ransomware
- HelloKitty Ransomware
  Ransomware family which has been active since late 2020, and in early 2021 a variant compromised the CDProjektRed game studio.
  ransomware hellokitty
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Enumerates physical storage devices
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

HelloKitty Ransomware

Modifies extensions of user files

Enumerates physical storage devices

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2