General

  • Target

    2024-09-10_eab47cbf897c7e9c2dc1009e11d1d928_cobalt-strike_hellokitty

  • Size

    477KB

  • Sample

    240910-fdgresxdln

  • MD5

    eab47cbf897c7e9c2dc1009e11d1d928

  • SHA1

    0816c29d03f6612b053db52a245f6c0062967b5d

  • SHA256

    8fb025d59e501a545cae40ef222ca22b5722fdd487cdefb3f2e4b0a8635f9bc2

  • SHA512

    18fb24334b50fb2270eede826e9ec8e5b124b4ed5f14e54a0c7348f1a306bef0d6b1b4059f337aac51970b045ed58d9c6680d9104a30f598196ae9a0726dac53

  • SSDEEP

    3072:oNV+NjSXtz57JtE/Dglskr/gT72ZywWWq/ePVl/uw7cFhUD:oTcjSXDukskWWjzcFCD

Malware Config

Targets

    • HelloKitty Ransomware

      A ransomware family that has been active since late 2020; in early 2021 a variant compromised the CDProjektRed game studio.

    • Renames multiple (179) files with added filename extension

      This suggests ransomware activity: the sample is encrypting files across the system and appending an extension to each one.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check to avoid running in certain regions.

MITRE ATT&CK Enterprise v15

Tasks