General

  • Target

    20240910dedaf87d9f14524ec3fe7c3d2e304bf5cobaltstrikehellokitty

  • Size

    477KB

  • Sample

    240910-hgq6dascme

  • MD5

    dedaf87d9f14524ec3fe7c3d2e304bf5

  • SHA1

    be8574663f31227d834bf3adc31c386533a7632c

  • SHA256

    e22137c5b034e0bf022ee389b607d3e0cffdbb25355918135f1536a7e510442b

  • SHA512

    ddde7e1d9ba6c684d1e2a9c5f324e1d294f1f5899e3994f59e3b5a68b3a5c058c01f437ebf147c08c8d8a4308696aa38cbbf62b415e5344d20db02551827afea

  • SSDEEP

    3072:OWNV+TSXAtEyDgEws1/gT72ZywWWq/ePVl/uw7cFhpD:OWTASXh6mkWWjzcFLD

Malware Config

Targets

    • HelloKitty Ransomware

      Ransomware family that has been active since late 2020; in early 2021 a variant compromised the CD Projekt Red game studio.

    • Renames multiple (201) files with added filename extension

      This suggests ransomware activity: the sample is encrypting files across the system and appending an extension to each one.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing (avoiding execution in certain regions).

MITRE ATT&CK Enterprise v15

Tasks