General

  • Target

    c7d6719bbfb5baaadda498bf5ef49a3ada1d795b9ae4709074b0e3976968741e.sample

  • Size

    179KB

  • Sample

    210726-c6lbc7wf7j

  • MD5

    8e4a887acab5f9475c5fa9a26fb9e720

  • SHA1

    3294a12a583d2634f6e3d1232052dfe0cd51a44a

  • SHA256

    c7d6719bbfb5baaadda498bf5ef49a3ada1d795b9ae4709074b0e3976968741e

  • SHA512

    56978ab3cb8172239da8742ebe41ef099bb9e1b58e23956a82bf495d7cc94c00a6067ecff5c441c2e9654abfe928ae5a81b57e19f3a80ac945a7780f92b39ff3

Score
10/10

Malware Config

Extracted

Path

C:\MSOCache\read_me_lkdtt.txt

Ransom Note
Hello dear user. Your files have been encrypted. -- What does it mean?! Content of your files have been modified. Without special key you can't undo that operation. -- How to get special key? If you want to get it, you must pay us some money and we will help you. We will give you special decryption program and instructions. -- Ok, how i can pay you? 1) Download TOR browser, if you don't know how to do it you can google it. 2) Open this website in tor browser: http://6x7dp6h3w6q3ugjv4yv5gycj3femb24kysgry5b44hhgfwc5ml5qrdad.onion/030492044ded20e85096d439f92bc1d1f02d647c189459977d1e43aca3090a69 3) Follow instructions in chat.
URLs

http://6x7dp6h3w6q3ugjv4yv5gycj3femb24kysgry5b44hhgfwc5ml5qrdad.onion/030492044ded20e85096d439f92bc1d1f02d647c189459977d1e43aca3090a69

Targets

    • HelloKitty Ransomware

      Ransomware family that has been active since late 2020; in early 2021 a variant compromised the CD Projekt Red game studio.

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Deletes itself

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • System Information Discovery (1 hit) - T1082

  • Remote System Discovery (1 hit) - T1018