General
Target: 2024-09-11_16153e9582cfe94a06fc670a5d851ed9_cobalt-strike_hellokitty
Size: 477KB
Sample: 240911-asyqlasern
MD5: 16153e9582cfe94a06fc670a5d851ed9
SHA1: 9a59a3310086462fd4bbf4781995464eb889974c
SHA256: 192acfe0d55eef4c49cb7c803e7130d2f5ecd6bdee446f1c065ea6dee489ea6c
SHA512: f6b755d41087816635509cd92c747ac29095313b0f20e287a0b8d3b2be41b1e20ad7dce71d9b39b88981332250b57127cb686d898afeb5a741411e0c53454c5a
SSDEEP: 3072:qNV+7SXjtEjDg/s6L7h/gT72ZywWWq/ePVl/uw7cFh:qTwSXNUQmkWWjzcF

Static task: static1

Behavioral task: behavioral1
Sample: 2024-09-11_16153e9582cfe94a06fc670a5d851ed9_cobalt-strike_hellokitty.exe
Resource: win7-20240903-en

Behavioral task: behavioral2
Sample: 2024-09-11_16153e9582cfe94a06fc670a5d851ed9_cobalt-strike_hellokitty.exe
Resource: win10v2004-20240802-en
Malware Config
Targets
Target: 2024-09-11_16153e9582cfe94a06fc670a5d851ed9_cobalt-strike_hellokitty
Size: 477KB
Score: 10/10
HelloKitty Ransomware
Ransomware family which has been active since late 2020; in early 2021 a variant compromised the CDProjektRed game studio.

Renames multiple (215) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.

Checks computer location settings
Looks up the country code configured in the registry, likely a geofence.