General

  • Target

    501487b025f25ddf1ca32deb57a2b4db43ccf6635c1edc74b9cff54ce0e5bcfe.exe

  • Size

    157KB

  • Sample

    250410-kfz31awxcs

  • MD5

    136bd70f7aa98f52861879d7dca03cf2

  • SHA1

    fadd8d7c13a18c251ded1f645ffea18a37f1c2de

  • SHA256

    501487b025f25ddf1ca32deb57a2b4db43ccf6635c1edc74b9cff54ce0e5bcfe

  • SHA512

    919b81c6e062f26fef9f2f02f60af9493795ab1e74be0977210375598d2a17e37add7f7843f94c7cd6c44ba12af777a478c3744692ece2e31864b6aafd37e8df

  • SSDEEP

    3072:ENV+7SXjtEjDg/s6L7h/gT72ZywWWq/ePVl/uw7cFho:ETwSXNUQmkWWjzcF6

Malware Config

Targets

    • Target

      501487b025f25ddf1ca32deb57a2b4db43ccf6635c1edc74b9cff54ce0e5bcfe.exe

    • Size

      157KB

    • MD5

      136bd70f7aa98f52861879d7dca03cf2

    • SHA1

      fadd8d7c13a18c251ded1f645ffea18a37f1c2de

    • SHA256

      501487b025f25ddf1ca32deb57a2b4db43ccf6635c1edc74b9cff54ce0e5bcfe

    • SHA512

      919b81c6e062f26fef9f2f02f60af9493795ab1e74be0977210375598d2a17e37add7f7843f94c7cd6c44ba12af777a478c3744692ece2e31864b6aafd37e8df

    • SSDEEP

      3072:ENV+7SXjtEjDg/s6L7h/gT72ZywWWq/ePVl/uw7cFho:ETwSXNUQmkWWjzcF6

    • HelloKitty Ransomware

      Ransomware family active since late 2020; in early 2021 a variant was used in the intrusion at the game studio CD Projekt Red.

    • HelloKitty family

    • Renames multiple (167) files with added filename extension

      Many files were renamed to their original name plus an appended extension, which is consistent with ransomware encrypting files across the system.

    • Checks computer location settings

      Reads the country code configured in the registry, likely a geofence check so the sample can decline to run on machines in certain regions.
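The two behavioural signatures above are heuristics evaluated over sandbox events (file renames and registry reads). The Python below is an added example, not code from this report or from the sandbox, that re-implements both over a constructed event list: it counts renames of the form `name -> name.ext` and fires above a threshold, and it flags reads of the registry keys that hold the configured location. The registry paths, the threshold, and the `.locked` extension are assumptions for illustration; the extension the real sample appends is not stated on this page.

```python
"""Added example: re-implement the 'renames files with added extension' and
'checks computer location settings' heuristics over constructed events."""
import re
from collections import Counter
from typing import Optional

# Assumption: registry values that store the configured location on Windows.
# Geo\Nation holds the GeoID chosen in Region settings.
LOCATION_KEYS = (
    r"control panel\international\geo\nation",
    r"control panel\international\geo\name",
)

# Constructed sandbox-style events (not from the report): 12 document renames
# that append a placeholder ".locked" extension, one unrelated rename, and two
# registry reads, one of which touches the location key.
SAMPLE_EVENTS = [
    {"type": "rename",
     "src": rf"C:\Users\victim\Documents\report{i}.docx",
     "dst": rf"C:\Users\victim\Documents\report{i}.docx.locked"}
    for i in range(12)
] + [
    {"type": "rename",
     "src": r"C:\Users\victim\AppData\Local\Temp\tmp1.tmp",
     "dst": r"C:\Users\victim\AppData\Local\Temp\update.exe"},
    {"type": "reg_read",
     "path": r"HKEY_CURRENT_USER\Control Panel\International\Geo\Nation"},
    {"type": "reg_read",
     "path": r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName"},
]


def appended_extension(src: str, dst: str) -> Optional[str]:
    """Return the extension a rename appended (dst == src + '.ext'), else None.

    Requiring dst to start with the full src path excludes ordinary renames
    (tmp -> final name) and only keeps the encrypt-in-place pattern.
    """
    if dst.startswith(src) and len(dst) > len(src):
        tail = dst[len(src):]
        if re.fullmatch(r"\.[A-Za-z0-9_-]{1,16}", tail):
            return tail
    return None


def renamed_with_added_extension(events, threshold: int = 10):
    """Count renames that keep the original name and append one extension.

    Returns (total, per-extension Counter, triggered). A single dominant
    extension across many files is the signal the signature looks for.
    """
    counts: Counter = Counter()
    for ev in events:
        if ev["type"] != "rename":
            continue
        ext = appended_extension(ev["src"], ev["dst"])
        if ext:
            counts[ext] += 1
    total = sum(counts.values())
    return total, counts, total >= threshold


def checks_location(events):
    """Return registry paths read that end in one of the location keys."""
    return [
        ev["path"] for ev in events
        if ev["type"] == "reg_read"
        and any(ev["path"].lower().endswith(k) for k in LOCATION_KEYS)
    ]


if __name__ == "__main__":
    total, by_ext, fired = renamed_with_added_extension(SAMPLE_EVENTS)
    print(f"renamed {total} files with added extension {dict(by_ext)}; fired={fired}")
    print("location keys read:", checks_location(SAMPLE_EVENTS))
```

The threshold is deliberately low for the constructed data; on real sandbox traces a count in the hundreds (167 here) with one extension across user directories is the usual trigger, while a handful of renames is normal application behaviour.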

MITRE ATT&CK Enterprise v16

Tasks