General

  • Target

    192acfe0d55eef4c49cb7c803e7130d2f5ecd6bdee446f1c065ea6dee489ea6c

  • Size

    477KB

  • Sample

    240909-tc1d2ayfmf

  • MD5

    16153e9582cfe94a06fc670a5d851ed9

  • SHA1

    9a59a3310086462fd4bbf4781995464eb889974c

  • SHA256

    192acfe0d55eef4c49cb7c803e7130d2f5ecd6bdee446f1c065ea6dee489ea6c

  • SHA512

    f6b755d41087816635509cd92c747ac29095313b0f20e287a0b8d3b2be41b1e20ad7dce71d9b39b88981332250b57127cb686d898afeb5a741411e0c53454c5a

  • SSDEEP

    3072:qNV+7SXjtEjDg/s6L7h/gT72ZywWWq/ePVl/uw7cFh:qTwSXNUQmkWWjzcF

Malware Config

Targets

    • HelloKitty Ransomware

      Ransomware family that has been active since late 2020; in early 2021 a variant compromised the CDProjektRed game studio.

    • Renames multiple (210) files with an added filename extension

      This suggests ransomware activity, i.e. encryption of files across the system.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofencing check.

MITRE ATT&CK Enterprise v15

Tasks