Overview

overview

10

Static

static

3

bdb19d9eb1...3d.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bdb19d9eb19343708fbcc36acfaa91699e89d68643c75bf90c6d1e57adaf0d3d.exe

  • Size

    153KB

  • Sample

    250410-j5tf3swlz6

  • MD5

    019b65ccaabcf519b65645284966db57

  • SHA1

    76fbee514ec7d0b666b10ebfa98bc3197ebde8cd

  • SHA256

    bdb19d9eb19343708fbcc36acfaa91699e89d68643c75bf90c6d1e57adaf0d3d

  • SHA512

    09c0c819873498f6d6e3a3d1db94cefd6427c380ba74cd31d185c130934fa92918fef05b5737b96a96b0c7ba2f197d562bbf568d7af540a2f5ae6de93e2df827

  • SSDEEP

    1536:oeTqb5QIul2hD/S8+5hFg2NRrlSYDLGRxHwEEaY4qr6leWvebuFD0MCu7sWZcdGv:Kb45hmjqGR2l/mlHaMwGkHJhqjLcCl

Score
10/10
hellokittydiscoveryransomware

Malware Config

Extracted

Path

C:\Recovery\read_me_lkdtt.txt

Ransom Note
Hello CEMIG! All your fileservers, HyperV infrastructure and backups have been encrypted! Trying to decrypt or modify the files with programs other than our decryptor can lead to permanent loss of data! The only way to recover your files is by cooperating with us. To prove our seriousness, we can decrypt 1 non-critical file for free as proof. We have over 10 TB data of your private files, databases, personal data... etc, you have 24 hours to contact us, another way we publish this information in public channels, and this site will be unavailable. -- Contact with us by method below 1) Open this website in TOR browser: http://x6gjpqs4jjvgpfvhghdz2dk7be34emyzluimticj5s5fexf4wa65ngad.onion/0c04b15081595448821e25e8dd07423d9927fa54cd56d8797ea4d1315a682692 2) Follow instructions in chat.
URLs

http://x6gjpqs4jjvgpfvhghdz2dk7be34emyzluimticj5s5fexf4wa65ngad.onion/0c04b15081595448821e25e8dd07423d9927fa54cd56d8797ea4d1315a682692

Targets

    • Target

      bdb19d9eb19343708fbcc36acfaa91699e89d68643c75bf90c6d1e57adaf0d3d.exe

    • Size

      153KB

    • MD5

      019b65ccaabcf519b65645284966db57

    • SHA1

      76fbee514ec7d0b666b10ebfa98bc3197ebde8cd

    • SHA256

      bdb19d9eb19343708fbcc36acfaa91699e89d68643c75bf90c6d1e57adaf0d3d

    • SHA512

      09c0c819873498f6d6e3a3d1db94cefd6427c380ba74cd31d185c130934fa92918fef05b5737b96a96b0c7ba2f197d562bbf568d7af540a2f5ae6de93e2df827

    • SSDEEP

      1536:oeTqb5QIul2hD/S8+5hFg2NRrlSYDLGRxHwEEaY4qr6leWvebuFD0MCu7sWZcdGv:Kb45hmjqGR2l/mlHaMwGkHJhqjLcCl

    Score
    10/10
    hellokittydiscoveryransomware

    • HelloKitty Ransomware

      Ransomware family which has been active since late 2020, and in early 2021 a variant compromised the CDProjektRed game studio.

      ransomwarehellokitty

    • Hellokitty family

      hellokitty

    • Renames multiple (150) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

      ransomware

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1

MITRE ATT&CK Enterprise v16

Tasks