Resubmissions

  • 20-07-2021 12:44  sample 210720-8qm4c8n1dn  score 10
  • 11-02-2021 21:49  sample 210211-jqg53q9bbn  score 10

General

  • Target

    Hi_Kitty_2.exe

  • Size

    157KB

  • Sample

    210720-8qm4c8n1dn

  • MD5

    136bd70f7aa98f52861879d7dca03cf2

  • SHA1

    fadd8d7c13a18c251ded1f645ffea18a37f1c2de

  • SHA256

    501487b025f25ddf1ca32deb57a2b4db43ccf6635c1edc74b9cff54ce0e5bcfe

  • SHA512

    919b81c6e062f26fef9f2f02f60af9493795ab1e74be0977210375598d2a17e37add7f7843f94c7cd6c44ba12af777a478c3744692ece2e31864b6aafd37e8df

Score
10/10

Malware Config

Extracted

Path

C:\Documents and Settings\read_me_lkd.txt

Ransom Note
Hello dear user. Your files have been encrypted. -- What does it mean?! Content of your files have been modified. Without special key you can't undo that operation. -- How to get special key? If you want to get it, you must pay us some money and we will help you. We will give you special decryption program and instructions. -- Ok, how i can pay you? 1) Download TOR browser, if you don't know how to do it you can google it. 2) Open this website in tor browser: http://6x7dp6h3w6q3ugjv4yv5gycj3femb24kysgry5b44hhgfwc5ml5qrdad.onion/d87c3f9baf85b2e9ab2a824bb78868294e19992e2e26b54f248abfa73c42a7c0 3) Follow instructions in chat.
URLs

http://6x7dp6h3w6q3ugjv4yv5gycj3femb24kysgry5b44hhgfwc5ml5qrdad.onion/d87c3f9baf85b2e9ab2a824bb78868294e19992e2e26b54f248abfa73c42a7c0

Targets

    • Target

      Hi_Kitty_2.exe (same file and hashes as listed under General above)

    Score
    10/10
    • HelloKitty Ransomware

      A ransomware family active since late 2020; in early 2021 a variant compromised the CDProjektRed game studio.

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

MITRE ATT&CK Enterprise v6

Tasks