hellokitty | f70ad4505d00d98edacbb06c65c52f99dd74e11307e8d476226bdf6f6b4bc680 | Triage

Submit
Reports

Overview

overview

Static

static

3

f70ad4505d...80.exe

windows10-2004-x64

Resubmissions

27-05-2023 23:52

230527-3w5yasea3x 10

01-05-2022 23:32

220501-3h9z4abbdk 10

Sharing

General

Target

f70ad4505d00d98edacbb06c65c52f99dd74e11307e8d476226bdf6f6b4bc680
Size

3.0MB
Sample

230527-3w5yasea3x
MD5

806a255b8c774f4d5ef77eb70368eaa9
SHA1

e9c27bff9ece28aeb3d5af661423c51990030989
SHA256

f70ad4505d00d98edacbb06c65c52f99dd74e11307e8d476226bdf6f6b4bc680
SHA512

376eb41bfc65636de1275328e116966e293c51dc38f0611a70b9fc270a7fa5f6cf31ad67912ae044d7253e6853550889c0755e59bd5ce3b08903cb2c0c6a2f44
SSDEEP

24576:LakKgIur6Qd8ecMR9BySKetuWG4RvsC1BP:LTMScWG4REC1B

Score

10^/10

hellokitty evasion ransomware trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

f70ad4505d00d98edacbb06c65c52f99dd74e11307e8d476226bdf6f6b4bc680.exe

Resource

win10v2004-20230220-en

hellokitty evasion ransomware trojan

windows10-2004-x64

22 signatures

600 seconds

Malware Config

Targets

- Target
  
  f70ad4505d00d98edacbb06c65c52f99dd74e11307e8d476226bdf6f6b4bc680
- Size
  
  3.0MB
- MD5
  
  806a255b8c774f4d5ef77eb70368eaa9
- SHA1
  
  e9c27bff9ece28aeb3d5af661423c51990030989
- SHA256
  
  f70ad4505d00d98edacbb06c65c52f99dd74e11307e8d476226bdf6f6b4bc680
- SHA512
  
  376eb41bfc65636de1275328e116966e293c51dc38f0611a70b9fc270a7fa5f6cf31ad67912ae044d7253e6853550889c0755e59bd5ce3b08903cb2c0c6a2f44
- SSDEEP
  
  24576:LakKgIur6Qd8ecMR9BySKetuWG4RvsC1BP:LTMScWG4REC1B
Score

10^/10

hellokitty evasion ransomware trojan
- HelloKitty Ransomware
  Ransomware family which has been active since late 2020, and in early 2021 a variant compromised the CDProjektRed game studio.
  ransomware hellokitty
- Downloads MZ/PE file
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
  evasion trojan
- Sets desktop wallpaper using registry
  ransomware
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Defacement

Tasks

static1

behavioral1

hellokittyevasionransomwaretrojan

© 2018-2024

Terms | Privacy