General

Target: 2024-09-11_a169a146571b908a412ba8482adee8f1_cobalt-strike_hellokitty
Size: 473KB
Sample: 240911-bdm6zswajb
MD5: a169a146571b908a412ba8482adee8f1
SHA1: 47cd550be7567b8ff091fff32cd0d7c3c0e4f7d2
SHA256: a022e86b2bb3ed6b4a8676be8b1688397b6e15c693e69c5093d8eb04396d2905
SHA512: 03e7df0b082efedf5eeca67c9333fe3ad404a66ed33a13f5105cb0774f18351fff3f30860dedd3640e8e66123fdb5a430d33ddb2c92e5ef1d268fe806d6d3999
SSDEEP: 1536:heTmjxb5QIul2hD/S8+5hFg2NRrlSYDLGRxHwEEaY4qr6leWvebuFD0MCu7sWZc:19b45hmjqGR2l/mlHaMwGkHJhqDLcCl
Static task: static1

Behavioral task: behavioral1
  Sample: 2024-09-11_a169a146571b908a412ba8482adee8f1_cobalt-strike_hellokitty.exe
  Resource: win7-20240903-en

Behavioral task: behavioral2
  Sample: 2024-09-11_a169a146571b908a412ba8482adee8f1_cobalt-strike_hellokitty.exe
  Resource: win10v2004-20240802-en
Malware Config

Extracted:
  Ransom note path: C:\Recovery\20e7eb62-69f6-11ef-be0c-62cb582c238c\read_me_lkdtt.txt
  Onion URL: http://x6gjpqs4jjvgpfvhghdz2dk7be34emyzluimticj5s5fexf4wa65ngad.onion/0c04b15081595448821e25e8dd07423d9927fa54cd56d8797ea4d1315a682692
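The two extracted values above (a ransom note path and a Tor v3 hidden-service URL) are the kind of indicators that can be recovered from a sample's strings or a memory dump. The script below is an added example, not part of the original report and not the sandbox's own config extractor: it carves ASCII and UTF-16LE strings out of a blob and matches v3 .onion URLs and read_me_*.txt note paths. The blob is constructed for the example (the real sample's bytes are not on this page) and contains only the two indicators listed in this report surrounded by filler; the regexes and function names are the example's own.

```python
import re

# Indicators exactly as listed in this report's Malware Config section.
REPORT_NOTE_PATH = r"C:\Recovery\20e7eb62-69f6-11ef-be0c-62cb582c238c\read_me_lkdtt.txt"
REPORT_ONION_URL = (
    "http://x6gjpqs4jjvgpfvhghdz2dk7be34emyzluimticj5s5fexf4wa65ngad.onion"
    "/0c04b15081595448821e25e8dd07423d9927fa54cd56d8797ea4d1315a682692"
)

# Constructed stand-in for a process memory dump or unpacked binary (NOT the
# real sample): the two indicators embedded among filler bytes, with the URL
# stored as UTF-16LE the way Windows wide strings usually appear.
SAMPLE_BLOB = (
    b"MZ\x90\x00\x03\x00filler\x00"
    + REPORT_NOTE_PATH.encode("ascii") + b"\x00"
    + b"\xff\xfe junk "
    + REPORT_ONION_URL.encode("utf-16-le")
    + b"\x00\x00trailing-bytes"
)

# Tor v3 hidden-service address: 56 base32 characters, optional URL path.
ONION_V3_URL = re.compile(r"https?://[a-z2-7]{56}\.onion(?:/[A-Za-z0-9._~\-]*)?")
# Windows path ending in a HelloKitty-style read_me_<id>.txt note name.
RANSOM_NOTE_PATH = re.compile(
    r'[A-Za-z]:\\(?:[^\\\x00<>:"|?*]+\\)*read_me_[a-z0-9]+\.txt', re.IGNORECASE
)


def printable_strings(blob, min_len=8):
    """Yield ASCII and UTF-16LE strings of at least min_len characters."""
    for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, blob):
        yield m.group().decode("ascii")
    for m in re.finditer(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len, blob):
        yield m.group().decode("utf-16-le")


def extract_config(blob):
    """Return sorted, de-duplicated onion URLs and ransom-note paths found in blob."""
    urls, notes = set(), set()
    for s in printable_strings(blob):
        urls.update(ONION_V3_URL.findall(s))
        notes.update(RANSOM_NOTE_PATH.findall(s))
    return {"onion_urls": sorted(urls), "ransom_note_paths": sorted(notes)}


if __name__ == "__main__":
    for key, values in extract_config(SAMPLE_BLOB).items():
        print(key)
        for v in values:
            print("  ", v)
```

Scanning both ASCII and UTF-16LE matters on Windows samples because the same indicator may be stored as a wide string in the binary and as narrow text in a dropped file; the v3 length check (56 characters) also keeps the URL regex from firing on arbitrary base32-looking tokens.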
Targets

Target: 2024-09-11_a169a146571b908a412ba8482adee8f1_cobalt-strike_hellokitty
Score: 10/10

HelloKitty Ransomware
  Ransomware family active since late 2020; in early 2021 a variant was used in the breach of the game studio CD Projekt Red.

Renames multiple (180) files with added filename extension
  The sample renamed 180 files by appending a new extension to each original name, consistent with ransomware encrypting files in bulk.

Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive, typically to locate additional volumes to encrypt.
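The "Renames multiple files with added filename extension" signature is a behavioural heuristic: one process renames many files, each keeping its original name with a new extension appended. The script below is an added example of that logic run over constructed rename events; it is not the sandbox's own rule. The pids, paths, the placeholder ".locked" extension (the real extension is not stated on this page) and the threshold of 180 (taken from the count in this report, since the rule's real threshold is not given) are all assumptions of the example.

```python
from collections import Counter, defaultdict
import ntpath


def appended_extension(old_path, new_path):
    """Return the extension a rename appended (e.g. '.locked'), or None when the
    rename is not of the form <same directory>\\<old name><new extension>."""
    old_dir, old_name = ntpath.split(old_path)
    new_dir, new_name = ntpath.split(new_path)
    if old_dir.lower() != new_dir.lower():
        return None
    if len(new_name) <= len(old_name) or not new_name.lower().startswith(old_name.lower()):
        return None
    suffix = new_name[len(old_name):]
    return suffix if suffix.startswith(".") and len(suffix) > 1 else None


def detect_mass_rename(events, threshold=180):
    """events: iterable of (pid, old_path, new_path) rename records.
    Returns {pid: (extension, count)} for every process that appended the same
    extension to at least `threshold` files."""
    per_pid = defaultdict(Counter)
    for pid, old, new in events:
        ext = appended_extension(old, new)
        if ext is not None:
            per_pid[pid][ext.lower()] += 1
    hits = {}
    for pid, counts in per_pid.items():
        ext, n = counts.most_common(1)[0]
        if n >= threshold:
            hits[pid] = (ext, n)
    return hits


def constructed_events():
    """Constructed rename log (assumed pids, paths and extension; not real telemetry)."""
    events = []
    # 180 user documents renamed by one process with '.locked' appended: the
    # shape the report's signature fires on (placeholder extension).
    for i in range(180):
        old = rf"C:\Users\victim\Documents\report_{i:03d}.docx"
        events.append((4242, old, old + ".locked"))
    # Three backup copies with '.bak' appended: same shape, far below threshold.
    for name in ("budget.xlsx", "notes.txt", "plan.pptx"):
        old = rf"C:\Users\victim\Desktop\{name}"
        events.append((1337, old, old + ".bak"))
    # Ordinary save-to-temp-then-rename: not an appended extension at all.
    events.append((888, r"C:\Users\victim\Desktop\~tmp9f3.tmp",
                   r"C:\Users\victim\Desktop\quarterly.docx"))
    return events


if __name__ == "__main__":
    for pid, (ext, n) in detect_mass_rename(constructed_events()).items():
        print(f"pid {pid}: appended {ext} to {n} files")
```

Counting per process and per appended extension is what separates the ransomware pattern from legitimate tools that also rename many files (installers, build systems, backup utilities): those usually change names outright or spread across many extensions, while an encryptor applies one suffix to everything it touches.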