General

  • Target

    513266fb23782f2bff65b6e8f059c4f4bb99562610c44110c4a463338f91d425

  • Size

    477KB

  • Sample

    240909-s6qagswcqk

  • MD5

    e931ab5882d62ea08e498d90e2e11ad0

  • SHA1

    5b68fe6556752d6bf077740d1b297f65a2673b54

  • SHA256

    513266fb23782f2bff65b6e8f059c4f4bb99562610c44110c4a463338f91d425

  • SHA512

    f12285f65854fbce23b6c4fee6ef662cb61d65b874f17347494c1d0c9984c24acb4c1d703d7821b482864e271d08ccfce73e40a4cff9112d9907fea527ab6042

  • SSDEEP

    3072:/NV+7SXjtEjDg/s6L7h/gT72ZywWWq/ePVl/uw7cFh:/TwSXNUQmkWWjzcF

Malware Config

Targets

    • HelloKitty Ransomware

      Ransomware family active since late 2020; in early 2021 a variant compromised the CD Projekt Red game studio.

    • Renames multiple (222) files, appending a filename extension

      This is consistent with ransomware activity: encrypting files across the system and renaming each one.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing (avoiding execution in certain regions).

MITRE ATT&CK Enterprise v15

Tasks