General

  • Target

    17dc9bb50f33427f62ccf8e9c844c47300eec8be13e2342b119b1c88a2b46bef.exe

  • Size

    166KB

  • Sample

    250410-j5626swl16

  • MD5

    e333299d9f7e4c064746e177c84bb5c8

  • SHA1

    7dfa402cebfb31ee8e898aff3a645ce87e32c70a

  • SHA256

    17dc9bb50f33427f62ccf8e9c844c47300eec8be13e2342b119b1c88a2b46bef

  • SHA512

    8907f9ac9854ecf0ea9a36eee8299febb1a924e26c017c8d756824de0ab67165155bf003581e15ee93468abd8f1596c03626a01657cdc623be461990493a670c

  • SSDEEP

    3072:ONV+7SXjtEjDg/s6L7h/gT72ZywWWq/ePVl/uw7cFhDc:OTwSXNUQmkWWjzcFW
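Before applying the behavioural findings below to a file you are holding, confirm it is the same sample: compare every listed digest, not MD5 or SHA1 alone, since those are collision-prone and a tampered copy can be made to keep one of them. The following is an added example, not part of the report or of any sandbox's own code. It parses the bullet layout used above into a dictionary and checks a byte string against it; the report text embedded in the block is a copy of the page's own values, and the comparison bytes are constructed for the demonstration (SSDEEP is not covered, as fuzzy hashing needs a third-party library).

```python
import hashlib
import re

# Copy of the hash block as this page lays it out (values taken from the report).
REPORT_TEXT = """\
  • MD5

    e333299d9f7e4c064746e177c84bb5c8

  • SHA1

    7dfa402cebfb31ee8e898aff3a645ce87e32c70a

  • SHA256

    17dc9bb50f33427f62ccf8e9c844c47300eec8be13e2342b119b1c88a2b46bef

  • SHA512

    8907f9ac9854ecf0ea9a36eee8299febb1a924e26c017c8d756824de0ab67165155bf003581e15ee93468abd8f1596c03626a01657cdc623be461990493a670c
"""

# Report label -> hashlib algorithm name, and the hex length each digest must have.
ALGOS = {"MD5": "md5", "SHA1": "sha1", "SHA256": "sha256", "SHA512": "sha512"}
HEX_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}


def parse_report_hashes(text):
    """Parse the '• ALGO' / blank / '    hexdigest' layout into {ALGO: digest}.
    A digest of the wrong length (a truncated copy/paste) is silently skipped,
    so a missing key in the result means the report value could not be trusted."""
    found = {}
    lines = [ln.strip() for ln in text.splitlines()]
    for i, ln in enumerate(lines):
        name = ln.lstrip("•").strip()
        if name not in ALGOS:
            continue
        # The digest is the next non-empty line after the label.
        for nxt in lines[i + 1:]:
            if nxt:
                break
        else:
            continue
        if re.fullmatch(r"[0-9a-fA-F]{%d}" % HEX_LEN[name], nxt):
            found[name] = nxt.lower()
    return found


def digests(data):
    """Compute all four digests of the given bytes."""
    return {name: hashlib.new(alg, data).hexdigest() for name, alg in ALGOS.items()}


def verify_sample(data, expected):
    """Return the set of algorithms whose digest of `data` differs from `expected`.
    An empty set means every listed hash matched; a non-empty set means the file
    is not the analysed sample (or the report values were copied incorrectly)."""
    actual = digests(data)
    return {name for name, want in expected.items() if actual[name] != want}


if __name__ == "__main__":
    expected = parse_report_hashes(REPORT_TEXT)
    # Constructed stand-in for a quarantined file; it will not match the report.
    mismatched = verify_sample(b"constructed stand-in bytes", expected)
    print("mismatched algorithms:", sorted(mismatched))
```

For a real file, read it in binary mode and pass the bytes to `verify_sample`; treat any non-empty result as "not this sample" rather than trying to reason about which digest happened to agree.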

Targets

    • Target

      17dc9bb50f33427f62ccf8e9c844c47300eec8be13e2342b119b1c88a2b46bef.exe

    • HelloKitty Ransomware

      Ransomware family active since late 2020; in early 2021 a variant was used in the compromise of the CD Projekt Red game studio.

    • Hellokitty family

    • Renames multiple (187) files by appending a filename extension

      Consistent with ransomware encrypting files on the system and marking each encrypted file with a new extension.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check that decides whether to run based on the victim's locale.
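The rename signature above is the behaviour most worth turning into a detection: a single process appending the same extension to many files in a short time is a stronger signal than any one rename. The following is an added example, not part of the report or of any sandbox's own rule set. It runs a per-process sliding-window count over rename events; the events are constructed for the demonstration in a (seconds, pid, old_path, new_path) shape modelled on a file-system trace, and the threshold is set well below the 187 renames the report observed so the constructed data triggers it.

```python
import ntpath
from collections import Counter, defaultdict

# Constructed rename events: (seconds, pid, old_path, new_path). The paths,
# pids and the ".crypted" extension are illustrative, not from the report.
EVENTS = [
    (0.10, 4120, r"C:\Users\u\Documents\q1.xlsx", r"C:\Users\u\Documents\q1.xlsx.crypted"),
    (0.12, 4120, r"C:\Users\u\Documents\q2.docx", r"C:\Users\u\Documents\q2.docx.crypted"),
    (0.15, 4120, r"C:\Users\u\Pictures\a.jpg",    r"C:\Users\u\Pictures\a.jpg.crypted"),
    (0.19, 4120, r"C:\Users\u\Pictures\b.jpg",    r"C:\Users\u\Pictures\b.jpg.crypted"),
    (0.23, 4120, r"C:\Users\u\Desktop\notes.txt", r"C:\Users\u\Desktop\notes.txt.crypted"),
    (3.00, 2210, r"C:\Users\u\Downloads\x.tmp",   r"C:\Users\u\Downloads\x.pdf"),   # extension replaced: benign
    (3.50, 2210, r"C:\Users\u\Downloads\y.part",  r"C:\Users\u\Downloads\y.zip"),   # extension replaced: benign
    (4.00, 3330, r"C:\Users\u\a.log",             r"C:\Users\u\a.log.bak"),         # one append: below threshold
]


def appended_extension(old_path, new_path):
    """Return the extension appended to old_path to produce new_path, or None.
    Only a true append counts (the original name, extension included, is kept
    and a new '.ext' follows it); a replaced extension or a move between
    directories is not the ransomware pattern. ntpath is used so Windows
    paths parse the same way on any host."""
    old_dir, old_name = ntpath.split(old_path)
    new_dir, new_name = ntpath.split(new_path)
    if old_dir.lower() != new_dir.lower():
        return None
    if not new_name.lower().startswith(old_name.lower()):
        return None
    tail = new_name[len(old_name):]
    if len(tail) < 2 or not tail.startswith("."):
        return None
    return tail.lower()


def detect_mass_rename(events, min_files=20, window_s=60.0):
    """Per process, find the densest window_s-second window of extension-append
    renames. Processes whose densest window holds at least min_files renames are
    returned as {pid: {"count", "extensions", "first", "last"}}."""
    per_pid = defaultdict(list)
    for ts, pid, old, new in events:
        ext = appended_extension(old, new)
        if ext:
            per_pid[pid].append((ts, ext))

    hits = {}
    for pid, rows in per_pid.items():
        rows.sort()
        best = (0, 0, 0)  # (count, start_index, end_index)
        start = 0
        for end in range(len(rows)):
            # Advance the window start until the window fits in window_s seconds.
            while rows[end][0] - rows[start][0] > window_s:
                start += 1
            n = end - start + 1
            if n > best[0]:
                best = (n, start, end)
        n, s, e = best
        if n >= min_files:
            window = rows[s:e + 1]
            hits[pid] = {
                "count": n,
                "extensions": Counter(ext for _, ext in window),
                "first": window[0][0],
                "last": window[-1][0],
            }
    return hits


if __name__ == "__main__":
    for pid, info in detect_mass_rename(EVENTS, min_files=5).items():
        print(f"pid {pid}: {info['count']} renames appending {dict(info['extensions'])} "
              f"between t={info['first']} and t={info['last']}")
```

In production the threshold should be tuned per environment against backup agents and installers, which also rename in bursts but usually replace rather than append an extension; the `extensions` counter lets the alert carry the dominant extension, which is often enough to attribute a family.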
