Exposing HelloXD Ransomware and x4k
Tags
Common Information
| Type | Value |
|---|---|
| UUID | bc99cac9-0b6c-4e3e-ba92-b003583e6f57 |
| Fingerprint | a53c09bb873686cf |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | June 11, 2022, 1 a.m. |
| Added to db | Sept. 26, 2022, 9:34 a.m. |
| Last updated | Nov. 18, 2024, 1:38 a.m. |
| Headline | Exposing HelloXD Ransomware and x4k |
| Title | Exposing HelloXD Ransomware and x4k |
| Detected Hints/Tags/Attributes | 112/2/146 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | poime.li |
|
| Details | Domain | 1 | x4k.us |
|
| Details | Domain | 4 | dns1.registrar-servers.com |
|
| Details | Domain | 5 | dns2.registrar-servers.com |
|
| Details | Domain | 1 | 1q.is |
|
| Details | Domain | 1 | forwarding00.isnic.is |
|
| Details | Domain | 1 | x4k.sh |
|
| Details | Domain | 1 | mundo-telenovelas.x4k.dev |
|
| Details | Domain | 1 | acp.x4k.dev |
|
| Details | Domain | 1 | relay1.l4cky.com |
|
| Details | Domain | 1 | oelwein-ia.x4k.dev |
|
| Details | Domain | 1 | mallik.x4k.dev |
|
| Details | Domain | 1 | mamba77.red |
|
| Details | Domain | 1 | xn--90a5ai.com |
|
| Details | Domain | 1 | x4k.dev |
|
| Details | Domain | 1 | oxoo.cc |
|
| Details | Domain | 1 | bw.x4k.me |
|
| Details | Domain | 1 | ldap.l4cky.men |
|
| Details | Domain | 1 | www.y24.co |
|
| Details | Domain | 1 | smtp1.l4cky.com |
|
| Details | Domain | 1 | vmi606037.contaboserver.net |
|
| Details | Domain | 911 | any.run |
|
| Details | Domain | 1 | www.zxlab.iol4cky.men |
|
| Details | Domain | 1 | btc-trazer.xyz |
|
| Details | Domain | 1 | sandbox.x4k.me |
|
| Details | Domain | 1 | malware.x4k.me |
|
| Details | Domain | 1 | x4k.me |
|
| Details | Domain | 1 | pwn.x4k.me |
|
| Details | Domain | 1 | docker.x4k.me |
|
| Details | Domain | 1 | apk.x4k.me |
|
| Details | Domain | 1 | powershell.services |
|
| Details | Domain | 1 | vmi378732.contaboserver.net |
|
| Details | Domain | 1 | x4k.in |
|
| Details | Domain | 1 | l4cky.men |
|
| Details | Domain | 1 | mx2.l4cky.com |
|
| Details | Domain | 1 | mailhost.l4cky.com |
|
| Details | Domain | 1 | www1.l4cky.com |
|
| Details | Domain | 1 | authsmtp.l4cky.com |
|
| Details | Domain | 1 | ns.l4cky.com |
|
| Details | Domain | 1 | mailer.l4cky.com |
|
| Details | Domain | 1 | imap2.l4cky.com |
|
| Details | Domain | 1 | ns2.l4cky.com |
|
| Details | Domain | 1 | server.l4cky.com |
|
| Details | Domain | 1 | auth.l4cky.com |
|
| Details | Domain | 1 | remote.l4cky.com |
|
| Details | Domain | 1 | mx10.l4cky.com |
|
| Details | Domain | 1 | ms1.l4cky.com |
|
| Details | Domain | 1 | mx5.l4cky.com |
|
| Details | Domain | 1 | relay2.l4cky.com |
|
| Details | Domain | 1 | ns1.l4cky.com |
|
| Details | Domain | 1 | email.l4cky.com |
|
| Details | Domain | 1 | imap.l4cky.com |
|
| Details | Domain | 1 | mail.x4k.me |
|
| Details | Domain | 1 | repo.x4k.me |
|
| Details | Domain | 1 | collabora.x4k.me |
|
| Details | Domain | 1 | cloud.x4k.me |
|
| Details | Domain | 1 | yacht.x4k.me |
|
| Details | Domain | 1 | book.x4k.me |
|
| Details | Domain | 1 | teleport.x4k.me |
|
| Details | Domain | 1 | subspace.x4k.me |
|
| Details | Domain | 1 | windows.x4k.me |
|
| Details | Domain | 1 | sf.x4k.me |
|
| Details | Domain | 1 | dc-b00e12923fb6.l4cky.men |
|
| Details | Domain | 1 | box.l4cky.men |
|
| Details | Domain | 1 | mail.l4cky.men |
|
| Details | Domain | 1 | www.l4cky.men |
|
| Details | Domain | 1 | mta-sts.l4cky.men |
|
| Details | Domain | 1 | cloud.l4cky.men |
|
| Details | Domain | 1 | office.l4cky.men |
|
| Details | Domain | 1 | rexdooley.ml |
|
| Details | Domain | 1 | relay2.kuimvd.ru |
|
| Details | Domain | 1 | ns2.webmiting.ru |
|
| Details | 1 | tebya@poime.li |
||
| Details | File | 2127 | cmd.exe |
|
| Details | File | 1 | c:\users\admin\desktop\xd.exe |
|
| Details | File | 17 | hello.txt |
|
| Details | File | 1 | userlogin.exe |
|
| Details | File | 5 | dns1.reg |
|
| Details | File | 6 | dns2.reg |
|
| Details | sha1 | 3 | 4a2ee1666e2e9c40d372853e2203a7f2336b6e03 |
|
| Details | sha1 | 3 | 1758a8db8485f7e70432c07a9e3d5c0bb5743889 |
|
| Details | sha256 | 3 | 435781ab608ff908123d9f4758132fa45d459956755d27027a52b8c9e61f9589 |
|
| Details | sha256 | 3 | ebd310cb5f63b364c4ce3ca24db5d654132b87728babae4dc3fb675266148fe9 |
|
| Details | sha256 | 3 | 65ccbd63fbe96ea8830396c575926af476c06352bb88f9c22f90de7bb85366a3 |
|
| Details | sha256 | 3 | 903c04976fa6e6721c596354f383a4d4272c6730b29eee00b0ec599265963e74 |
|
| Details | sha256 | 3 | 7247f33113710e5d9bd036f4c7ac2d847b0bf2ac2769cd8246a10f09d0a41bab |
|
| Details | sha256 | 3 | 4e9d4afc901fa1766e48327f3c9642c893831af310bc18ccf876d44ea4efbf1d |
|
| Details | sha256 | 3 | 709b7e8edb6cc65189739921078b54f0646d38358f9a8993c343b97f3493a4d9 |
|
| Details | sha256 | 1 | 0e1aa5bb7cdccacfa8cbfe1aa71137b361bea04252fff52a9274b32d0e23e3aa |
|
| Details | sha256 | 1 | 1fafe53644e1bb8fbc9d617dd52cd7d0782381a9392bf7bcab4db77edc20b58b |
|
| Details | sha256 | 1 | 3477b704f6dceb414dad49bf8d950ef55205ffc50d2945b7f65fb2d5f47e4894 |
|
| Details | sha256 | 1 | 3eb1a41c86b3846d33515536c760e98f5cf0a741c682227065cbafea9d350806 |
|
| Details | sha256 | 1 | 4245990f42509474bbc912a02a1e5216c4eb87ea200801e1028291b74e45e43b |
|
| Details | sha256 | 1 | 4de1279596cf5e0b2601f8b719b5240cb00b70c0d6aa0c11e2f32bc3ded020aa |
|
| Details | sha256 | 1 | 4ea43678c3f84a66ce93cff50b11aabbe28c99c058e7043f275fea3456f55b88 |
|
| Details | sha256 | 1 | 5ae0d9e7ae61f3afb989aaf8e36eda1816ec44ceae666aea87a9fdc6fed35594 |
|
| Details | sha256 | 1 | 667b8abb731656c83f2f53815be68cce5d1ace3cb4ed242c9fecd4a66ac2f816 |
|
| Details | sha256 | 1 | 78ae3726d5b0815ad2e5a775ecf1a6cd36e1eeeee133b0766158a6b107ef7c34 |
|
| Details | sha256 | 1 | 7da83a27e4d788ca33b8b05d365fdf803cb68e0df4d69942ba9b7bde54619322 |
|
| Details | sha256 | 1 | 8a02f01cc3ac71b2c440148fd51b44e260a953e4fc1ee1c3fe787395b8c712ab |
|
| Details | sha256 | 1 | 963cacd7eeebfb09950668bf1c6adf5452b992fc09119835cd256c5d3cf17f91 |
|
| Details | sha256 | 1 | a57b1cfd3e801305856cdb75839de05f03439e264ccdbd1497685878a2605b5a |
|
| Details | sha256 | 1 | bd111240c24a6a188f2664eb15195630b13aa6d9483fc8cfed339dddf803fd4e |
|
| Details | sha256 | 1 | d8026801e1b78d9bdcb4954c194748d0fdc631594899b29a2746ae425b8bfc79 |
|
| Details | sha256 | 1 | d8db562070b06d835721413a98f757b88d59277bf638467fda2ee254afc692a0 |
|
| Details | sha256 | 1 | d97d666239cc973a38dc788bf017f5d8ae19257561888b61ecff8e086c4e3ea0 |
|
| Details | sha256 | 1 | 19d7e899777fbe432b2c90b992604599706b4109c3ceaa7946e8548f4c190a19 |
|
| Details | sha256 | 1 | 1dbf8ae62cc90c837ba12ceee08a1d989732a95bdcef5ca18151ef698ed98a03 |
|
| Details | sha256 | 1 | 22b32bb7c791842a6aa604d08208b13db07ccd1fe81f47ea8369537addb26c7b |
|
| Details | sha256 | 1 | 26019b86686c1038326f075663d79803e4412bf9952eae65d7b9278be74ac55c |
|
| Details | sha256 | 1 | 26cccc7e9155bd746e3bb963d40d6edfc001e6d936faf9392202e3788996105a |
|
| Details | sha256 | 1 | 43fa55c88453db0de0c22f3eb0b11d1db9286f3ee423e82704fdce506d3af516 |
|
| Details | sha256 | 1 | 4564ca0c436fde9e76f5fa65cbcf483adf1fbfa3d7369b7bb67d2c95457f6bc5 |
|
| Details | sha256 | 1 | 585a22e822ade633cee349fd0a9e6a7d083de250fb56189d5a29d3fc5468680c |
|
| Details | sha256 | 1 | 592b1e55ceef3b8a1ecb28721ebf2e8edd109b9b492cf3c0c0d30831c7432e00 |
|
| Details | sha256 | 1 | 611f3b0ed65dc98a0d7f5c57512212c6ab0a5de5d6bbf7131d3b7ebf360773c6 |
|
| Details | sha256 | 1 | 6b437208dfb4a7906635e16a5cbb8a1719dc49c51e73b7783202ab018181b616 |
|
| Details | sha256 | 1 | 6e8ececfdc74770885f9dc63b4b2316e8c4a011fd9e382c1ba7c4f09f256925d |
|
| Details | sha256 | 1 | 99f97a47d8d60b8fa65b4ddaf5f43e4352765a91ab053ceb8a3162084df7d099 |
|
| Details | sha256 | 1 | 9e2524b2eaf5248eed6b2d20ae5144fb3bb543647cf612e5ca52135d16389f1a |
|
| Details | sha256 | 1 | c15111a5f33b3c51a26f814b64c891791ff21104ee75a4773fef86dfc7a8e7ca |
|
| Details | sha256 | 1 | cd9908f50c9dd97a2ce22ee57ba3e014e204369e5b75b88cefb270dc44a5ca50 |
|
| Details | sha256 | 1 | ddc96ac931762065fc085be8138c38f2b6b52095a42b34bc415c9572de17386a |
|
| Details | sha256 | 1 | e9b832fa02235b95a65ad716342d01ae87fcdb686b448e8462d6e86c1f4b3156 |
|
| Details | sha256 | 1 | f055577220c7dc4be46510b9fed4ecfa78920025d1b2ac5853b5bf7ea136cf37 |
|
| Details | sha256 | 1 | f7ae6b5ed444abfceda7217b9158895ed28cfdd946bf3e5c729570a5c29d5d82 |
|
| Details | sha256 | 1 | b843d7498506ddc272e183bbe90cf73cc4779b37341108e002923aa938ca9169 |
|
| Details | sha256 | 1 | 77dec8fc40ff9332eb6d40ded23d606c88d9fa3785a820ea7b1ef0d12a5c4447 |
|
| Details | sha256 | 1 | f52fb7ba5061ee4144439ff652c0b4f3cf941fe37fbd66e9d7672dd213fbcdb2 |
|
| Details | sha256 | 1 | beee37fb9cf3e02121b2169399948c1b0830a626d4ed27a617813fa67dd91d58 |
|
| Details | sha256 | 1 | b4c11c97d23ea830bd13ad4a05a87be5d8cc55ebdf1e1b458fd68bea71d80b54 |
|
| Details | sha256 | 2 | f1425cff3d28afe5245459afa6d7985081bc6a62f86dce64c63daeb2136d7d2c |
|
| Details | sha256 | 1 | c619edb3fa8636c50b59a42d0bdc4c71cbd46a0586b683773e9a5e509f688176 |
|
| Details | sha256 | 1 | 50a479f16713d03b95103e0a95a3d575b7263bd16c334258eefa3ae8f46e3d1d |
|
| Details | sha256 | 1 | 83b5c6d73f3fc893dbd7effa7c50dc9b2455ec053aa9c51d70e13305ecf21fa4 |
|
| Details | sha256 | 1 | 02894fa01c9b82dcfd93e35f49a0d5408f7f4f8a25f33ad17426bb00afa71f63 |
|
| Details | sha256 | 1 | 98ba86c1273b5e8d68ce90ac1745d16335c5e04ec76e8c58448ae6c91136fc4d |
|
| Details | sha256 | 1 | 5fa5b5dddfe588791b59c945beba1f57a74bd58b53a09d38ac8a8679a0541f16 |
|
| Details | IPv4 | 198 | 1.1.1.1 |
|
| Details | IPv4 | 1 | 193.242.145.158 |
|
| Details | IPv4 | 1 | 167.86.87.27 |
|
| Details | IPv4 | 1 | 164.68.114.29 |
|
| Details | IPv4 | 1 | 63.250.53.180 |
|
| Details | IPv4 | 1 | 45.15.19.130 |
|
| Details | IPv4 | 1 | 46.39.229.17 |
|
| Details | Url | 1 | https://фсб.com |