General
-
Target
f70ad4505d00d98edacbb06c65c52f99dd74e11307e8d476226bdf6f6b4bc680
-
Size
3.0MB
-
Sample
220501-3h9z4abbdk
-
MD5
806a255b8c774f4d5ef77eb70368eaa9
-
SHA1
e9c27bff9ece28aeb3d5af661423c51990030989
-
SHA256
f70ad4505d00d98edacbb06c65c52f99dd74e11307e8d476226bdf6f6b4bc680
-
SHA512
376eb41bfc65636de1275328e116966e293c51dc38f0611a70b9fc270a7fa5f6cf31ad67912ae044d7253e6853550889c0755e59bd5ce3b08903cb2c0c6a2f44
Static task
static1
Behavioral task
behavioral1
Sample
f70ad4505d00d98edacbb06c65c52f99dd74e11307e8d476226bdf6f6b4bc680.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
f70ad4505d00d98edacbb06c65c52f99dd74e11307e8d476226bdf6f6b4bc680.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
C:\Documents and Settings\read_me_lkd.txt
http://t3cfa3imcd6dkvdnfpvd5iyiojtksqabqtvbr672hjkvycxdurysadyd.onion/3a1521d429805d6634f960becf14a67b0d1af7eb62b43005958dbe1e71d92afb
Targets
Score
10/10
HelloKitty Ransomware
A ransomware family active since late 2020; in early 2021 a variant compromised the CD Projekt Red game studio.
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Sets desktop wallpaper using registry
-