Resubmissions

27-05-2023 23:52  230527-3w5yasea3x  score 10

01-05-2022 23:32  220501-3h9z4abbdk  score 10

General

  • Target

    f70ad4505d00d98edacbb06c65c52f99dd74e11307e8d476226bdf6f6b4bc680

  • Size

    3.0MB

  • Sample

    220501-3h9z4abbdk

  • MD5

    806a255b8c774f4d5ef77eb70368eaa9

  • SHA1

    e9c27bff9ece28aeb3d5af661423c51990030989

  • SHA256

    f70ad4505d00d98edacbb06c65c52f99dd74e11307e8d476226bdf6f6b4bc680

  • SHA512

    376eb41bfc65636de1275328e116966e293c51dc38f0611a70b9fc270a7fa5f6cf31ad67912ae044d7253e6853550889c0755e59bd5ce3b08903cb2c0c6a2f44

Score
10/10

Malware Config

Extracted

Path

C:\Documents and Settings\read_me_lkd.txt

Ransom Note
# We are innocent. Hello dear user. Your files have been encrypted. -- What does it mean?! Content of your files have been modified. Without special key you can't undo that operation. -- How to get special key? If you want to get it, you must pay us some money and we will help you. We will give you special decryption program and instructions. -- Ok, how i can pay you? 1) Download TOR browser, if you don't know how to do it you can google it. 2) Open this website in tor browser: http://t3cfa3imcd6dkvdnfpvd5iyiojtksqabqtvbr672hjkvycxdurysadyd.onion/3a1521d429805d6634f960becf14a67b0d1af7eb62b43005958dbe1e71d92afb 3) Follow instructions in chat.
URLs

http://t3cfa3imcd6dkvdnfpvd5iyiojtksqabqtvbr672hjkvycxdurysadyd.onion/3a1521d429805d6634f960becf14a67b0d1af7eb62b43005958dbe1e71d92afb

Targets

    Score
    10/10
    • HelloKitty Ransomware

      Ransomware family active since late 2020; in early 2021 a variant compromised the CD Projekt Red game studio.

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Sets desktop wallpaper using registry

MITRE ATT&CK Matrix (ATT&CK v6)

Defense Evasion: Modify Registry (T1112), 1
Discovery: System Information Discovery (T1082), 1
Impact: Defacement (T1491), 1
