Resurface of HelloXD Ransomware targeting Windows and Linux Systems
TLP: WHITE | Author: Provintell-Lab | Created: 2022-06-13 | Modified: 2022-07-13 | 113 IOCs (high volume)
A reemergence of HelloXD, a ransomware family first seen in the wild in November 2021, has recently been observed. HelloXD conducts double-extortion attacks (victim data is exfiltrated before it is encrypted and is leaked if the ransom is not paid) and has builds for both Windows and Linux systems. Samples use Curve25519-Donna for the key exchange and a modified HC-128 or the Rabbit stream cipher for the bulk file encryption that locks the victims' data for ransom.
Indicators of Compromise (113)
TYPE INDICATOR CREATED (the pulse supplies no per-indicator descriptions)
URL https://фсб.com 2022-06-13
hostname ns2.webmiting.ru 2022-06-13
hostname relay2.kuimvd.ru 2022-06-13
domain rexdooley.ml 2022-06-13
hostname office.l4cky.men 2022-06-13
hostname cloud.l4cky.men 2022-06-13
hostname ldap.l4cky.men 2022-06-13
hostname mta-sts.l4cky.men 2022-06-13
hostname www.l4cky.men 2022-06-13
hostname mail.l4cky.men 2022-06-13
hostname box.l4cky.men 2022-06-13
hostname dc-b00e12923fb6.l4cky.men 2022-06-13
hostname sf.x4k.me 2022-06-13
hostname windows.x4k.me 2022-06-13
hostname subspace.x4k.me 2022-06-13
hostname teleport.x4k.me 2022-06-13
hostname book.x4k.me 2022-06-13
hostname yacht.x4k.me 2022-06-13
hostname cloud.x4k.me 2022-06-13
hostname collabora.x4k.me 2022-06-13
hostname bw.x4k.me 2022-06-13
hostname repo.x4k.me 2022-06-13
hostname mail.x4k.me 2022-06-13
hostname imap.l4cky.com 2022-06-13
hostname email.l4cky.com 2022-06-13
hostname ns1.l4cky.com 2022-06-13
hostname relay2.l4cky.com 2022-06-13
hostname mx5.l4cky.com 2022-06-13
hostname ms1.l4cky.com 2022-06-13
hostname mx10.l4cky.com 2022-06-13
hostname remote.l4cky.com 2022-06-13
hostname auth.l4cky.com 2022-06-13
hostname server.l4cky.com 2022-06-13
hostname ns2.l4cky.com 2022-06-13
hostname imap2.l4cky.com 2022-06-13
hostname mailer.l4cky.com 2022-06-13
hostname ns.l4cky.com 2022-06-13
hostname authsmtp.l4cky.com 2022-06-13
hostname www1.l4cky.com 2022-06-13
hostname mailhost.l4cky.com 2022-06-13
hostname mx2.l4cky.com 2022-06-13
hostname m.x4k.me 2022-06-13
domain l4cky.men 2022-06-13
domain x4k.in 2022-06-13
hostname vmi378732.contaboserver.net 2022-06-13
domain powershell.services 2022-06-13
domain x4k.me 2022-06-13
hostname apk.x4k.me 2022-06-13
hostname docker.x4k.me 2022-06-13
hostname pwn.x4k.me 2022-06-13
hostname 0.x4k.me 2022-06-13
hostname f.x4k.me 2022-06-13
hostname malware.x4k.me 2022-06-13
hostname sandbox.x4k.me 2022-06-13
domain btc-trazer.xyz 2022-06-13
hostname www.zxlab.iol4cky.men 2022-06-13
FileHash-SHA256 5fa5b5dddfe588791b59c945beba1f57a74bd58b53a09d38ac8a8679a0541f16 2022-06-13
FileHash-SHA256 98ba86c1273b5e8d68ce90ac1745d16335c5e04ec76e8c58448ae6c91136fc4d 2022-06-13
FileHash-SHA256 02894fa01c9b82dcfd93e35f49a0d5408f7f4f8a25f33ad17426bb00afa71f63 2022-06-13
FileHash-SHA256 83b5c6d73f3fc893dbd7effa7c50dc9b2455ec053aa9c51d70e13305ecf21fa4 2022-06-13
FileHash-SHA256 50a479f16713d03b95103e0a95a3d575b7263bd16c334258eefa3ae8f46e3d1d 2022-06-13
FileHash-SHA256 c619edb3fa8636c50b59a42d0bdc4c71cbd46a0586b683773e9a5e509f688176 2022-06-13
FileHash-SHA256 f1425cff3d28afe5245459afa6d7985081bc6a62f86dce64c63daeb2136d7d2c 2022-06-13
FileHash-SHA256 b4c11c97d23ea830bd13ad4a05a87be5d8cc55ebdf1e1b458fd68bea71d80b54 2022-06-13
FileHash-SHA256 beee37fb9cf3e02121b2169399948c1b0830a626d4ed27a617813fa67dd91d58 2022-06-13
FileHash-SHA256 f52fb7ba5061ee4144439ff652c0b4f3cf941fe37fbd66e9d7672dd213fbcdb2 2022-06-13
FileHash-SHA256 77dec8fc40ff9332eb6d40ded23d606c88d9fa3785a820ea7b1ef0d12a5c4447 2022-06-13
FileHash-SHA256 b843d7498506ddc272e183bbe90cf73cc4779b37341108e002923aa938ca9169 2022-06-13
FileHash-SHA256 f7ae6b5ed444abfceda7217b9158895ed28cfdd946bf3e5c729570a5c29d5d82 2022-06-13
FileHash-SHA256 f055577220c7dc4be46510b9fed4ecfa78920025d1b2ac5853b5bf7ea136cf37 2022-06-13
FileHash-SHA256 e9b832fa02235b95a65ad716342d01ae87fcdb686b448e8462d6e86c1f4b3156 2022-06-13
FileHash-SHA256 ddc96ac931762065fc085be8138c38f2b6b52095a42b34bc415c9572de17386a 2022-06-13
FileHash-SHA256 cd9908f50c9dd97a2ce22ee57ba3e014e204369e5b75b88cefb270dc44a5ca50 2022-06-13
FileHash-SHA256 c15111a5f33b3c51a26f814b64c891791ff21104ee75a4773fef86dfc7a8e7ca 2022-06-13
FileHash-SHA256 9e2524b2eaf5248eed6b2d20ae5144fb3bb543647cf612e5ca52135d16389f1a 2022-06-13
FileHash-SHA256 99f97a47d8d60b8fa65b4ddaf5f43e4352765a91ab053ceb8a3162084df7d099 2022-06-13
FileHash-SHA256 6e8ececfdc74770885f9dc63b4b2316e8c4a011fd9e382c1ba7c4f09f256925d 2022-06-13
FileHash-SHA256 6b437208dfb4a7906635e16a5cbb8a1719dc49c51e73b7783202ab018181b616 2022-06-13
FileHash-SHA256 611f3b0ed65dc98a0d7f5c57512212c6ab0a5de5d6bbf7131d3b7ebf360773c6 2022-06-13
FileHash-SHA256 592b1e55ceef3b8a1ecb28721ebf2e8edd109b9b492cf3c0c0d30831c7432e00 2022-06-13
FileHash-SHA256 585a22e822ade633cee349fd0a9e6a7d083de250fb56189d5a29d3fc5468680c 2022-06-13
FileHash-SHA256 4564ca0c436fde9e76f5fa65cbcf483adf1fbfa3d7369b7bb67d2c95457f6bc5 2022-06-13
FileHash-SHA256 43fa55c88453db0de0c22f3eb0b11d1db9286f3ee423e82704fdce506d3af516 2022-06-13
FileHash-SHA256 26cccc7e9155bd746e3bb963d40d6edfc001e6d936faf9392202e3788996105a 2022-06-13
FileHash-SHA256 26019b86686c1038326f075663d79803e4412bf9952eae65d7b9278be74ac55c 2022-06-13
FileHash-SHA256 22b32bb7c791842a6aa604d08208b13db07ccd1fe81f47ea8369537addb26c7b 2022-06-13
FileHash-SHA256 1dbf8ae62cc90c837ba12ceee08a1d989732a95bdcef5ca18151ef698ed98a03 2022-06-13
FileHash-SHA256 19d7e899777fbe432b2c90b992604599706b4109c3ceaa7946e8548f4c190a19 2022-06-13
FileHash-SHA256 d97d666239cc973a38dc788bf017f5d8ae19257561888b61ecff8e086c4e3ea0 2022-06-13
FileHash-SHA256 d8db562070b06d835721413a98f757b88d59277bf638467fda2ee254afc692a0 2022-06-13
FileHash-SHA256 d8026801e1b78d9bdcb4954c194748d0fdc631594899b29a2746ae425b8bfc79 2022-06-13
FileHash-SHA256 bd111240c24a6a188f2664eb15195630b13aa6d9483fc8cfed339dddf803fd4e 2022-06-13
FileHash-SHA256 a57b1cfd3e801305856cdb75839de05f03439e264ccdbd1497685878a2605b5a 2022-06-13
FileHash-SHA256 963cacd7eeebfb09950668bf1c6adf5452b992fc09119835cd256c5d3cf17f91 2022-06-13
FileHash-SHA256 8a02f01cc3ac71b2c440148fd51b44e260a953e4fc1ee1c3fe787395b8c712ab 2022-06-13
FileHash-SHA256 7da83a27e4d788ca33b8b05d365fdf803cb68e0df4d69942ba9b7bde54619322 2022-06-13
FileHash-SHA256 78ae3726d5b0815ad2e5a775ecf1a6cd36e1eeeee133b0766158a6b107ef7c34 2022-06-13
FileHash-SHA256 667b8abb731656c83f2f53815be68cce5d1ace3cb4ed242c9fecd4a66ac2f816 2022-06-13
FileHash-SHA256 5ae0d9e7ae61f3afb989aaf8e36eda1816ec44ceae666aea87a9fdc6fed35594 2022-06-13
FileHash-SHA256 4ea43678c3f84a66ce93cff50b11aabbe28c99c058e7043f275fea3456f55b88 2022-06-13
FileHash-SHA256 4de1279596cf5e0b2601f8b719b5240cb00b70c0d6aa0c11e2f32bc3ded020aa 2022-06-13
FileHash-SHA256 4245990f42509474bbc912a02a1e5216c4eb87ea200801e1028291b74e45e43b 2022-06-13
FileHash-SHA256 3eb1a41c86b3846d33515536c760e98f5cf0a741c682227065cbafea9d350806 2022-06-13
FileHash-SHA256 3477b704f6dceb414dad49bf8d950ef55205ffc50d2945b7f65fb2d5f47e4894 2022-06-13
FileHash-SHA256 1fafe53644e1bb8fbc9d617dd52cd7d0782381a9392bf7bcab4db77edc20b58b 2022-06-13
FileHash-SHA256 0e1aa5bb7cdccacfa8cbfe1aa71137b361bea04252fff52a9274b32d0e23e3aa 2022-06-13
FileHash-SHA256 709b7e8edb6cc65189739921078b54f0646d38358f9a8993c343b97f3493a4d9 2022-06-13
FileHash-SHA256 4e9d4afc901fa1766e48327f3c9642c893831af310bc18ccf876d44ea4efbf1d 2022-06-13
FileHash-SHA256 7247f33113710e5d9bd036f4c7ac2d847b0bf2ac2769cd8246a10f09d0a41bab 2022-06-13
FileHash-SHA256 903c04976fa6e6721c596354f383a4d4272c6730b29eee00b0ec599265963e74 2022-06-13
FileHash-SHA256 65ccbd63fbe96ea8830396c575926af476c06352bb88f9c22f90de7bb85366a3 2022-06-13
FileHash-SHA256 ebd310cb5f63b364c4ce3ca24db5d654132b87728babae4dc3fb675266148fe9 2022-06-13
FileHash-SHA256 435781ab608ff908123d9f4758132fa45d459956755d27027a52b8c9e61f9589 2022-06-13
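The indicator table above is only useful once it is matched against telemetry, and two details trip up naive matching: the URL indicator's host is an internationalized domain name (фсб.com), which a resolver logs in its xn-- punycode form, and the bare `domain` indicators (x4k.me, l4cky.men, ...) are meant to cover every subdomain, while the `hostname` ones name a single host. The script below, added here as an illustration and not part of the Provintell-Lab pulse, parses rows in the page's own "type indicator created" format, normalizes domain indicators to punycode, walks a queried name up toward its parent domains, and runs the result over DNS and file-hash log lines. PULSE_ROWS is a verbatim excerpt of the table; the log lines, host names, source addresses and file paths in the sample logs are constructed, and the log field names (src=, qname=, host=, path=, sha256=) are assumptions about a generic key=value log format.

```python
from __future__ import annotations

import re
from urllib.parse import urlsplit

# Excerpt of the pulse rows above, copied verbatim in the page's
# "<type> <indicator> <created>" row format. The full list can be fed to
# parse_pulse() the same way.
PULSE_ROWS = """\
URL https://фсб.com 2022-06-13
hostname ns2.webmiting.ru 2022-06-13
domain x4k.me 2022-06-13
hostname pwn.x4k.me 2022-06-13
domain powershell.services 2022-06-13
FileHash-SHA256 5fa5b5dddfe588791b59c945beba1f57a74bd58b53a09d38ac8a8679a0541f16 2022-06-13
FileHash-SHA256 435781ab608ff908123d9f4758132fa45d459956755d27027a52b8c9e61f9589 2022-06-13
"""

ROW_RE = re.compile(r"^(?P<type>\S+)\s+(?P<value>\S+)\s+(?P<created>\d{4}-\d{2}-\d{2})$")


def normalize_domain(name: str) -> str:
    """Canonical form for comparison: lowercase, no trailing dot, IDN labels as punycode.
    Without this the Cyrillic indicator фсб.com never matches the xn-- form a resolver logs."""
    name = name.strip().rstrip(".").lower()
    try:
        return name.encode("idna").decode("ascii")
    except UnicodeError:  # malformed label (empty or longer than 63 chars): keep raw lowercase
        return name


def parse_pulse(text: str) -> dict[str, set[str]]:
    """Split pulse rows into normalized indicator sets. URL indicators contribute their
    host, so a DNS lookup of фсб.com is caught even if the full URL is never observed."""
    iocs: dict[str, set[str]] = {"domains": set(), "sha256": set()}
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue
        kind, value = m["type"], m["value"]
        if kind in ("domain", "hostname"):
            iocs["domains"].add(normalize_domain(value))
        elif kind == "URL":
            host = urlsplit(value).hostname
            if host:
                iocs["domains"].add(normalize_domain(host))
        elif kind == "FileHash-SHA256":
            iocs["sha256"].add(value.lower())
    return iocs


def matching_domain(query: str, domains: set[str]) -> str | None:
    """Return the indicator covering `query`: the exact name or its nearest parent, so a
    lookup of cloud.x4k.me is attributed to the domain indicator x4k.me. Walking up from
    the query (never down from an indicator) means the hostname indicator
    ns2.webmiting.ru does not flag traffic to webmiting.ru itself."""
    labels = normalize_domain(query).split(".")
    for i in range(len(labels) - 1):  # stop before the bare TLD
        candidate = ".".join(labels[i:])
        if candidate in domains:
            return candidate
    return None


# Constructed sample log lines (assumed key=value format, not real telemetry).
DNS_LINE_RE = re.compile(r"src=(?P<src>\S+)\s+qname=(?P<qname>\S+)")
HASH_LINE_RE = re.compile(r"host=(?P<host>\S+)\s+path=(?P<path>\S+)\s+sha256=(?P<sha>[0-9a-fA-F]{64})")

SAMPLE_DNS_LOG = """\
2022-06-14T10:01:02Z src=10.0.0.5 qname=cloud.x4k.me. qtype=A
2022-06-14T10:01:09Z src=10.0.0.5 qname=ФСБ.com. qtype=A
2022-06-14T10:02:30Z src=10.0.0.7 qname=updates.example.com qtype=A
2022-06-14T10:03:11Z src=10.0.0.9 qname=webmiting.ru qtype=MX
"""

SAMPLE_HASH_LOG = r"""
2022-06-14T10:05:00Z host=ws01 path=C:\Users\Public\sample.exe sha256=5FA5B5DDDFE588791B59C945BEBA1F57A74BD58B53A09D38AC8A8679A0541F16
2022-06-14T10:06:00Z host=srv03 path=/tmp/update sha256=0000000000000000000000000000000000000000000000000000000000000000
"""


def scan_logs(dns_log: str, hash_log: str, iocs: dict[str, set[str]]) -> list[dict[str, str]]:
    """Return one hit per log line whose queried name or file hash matches an indicator."""
    hits: list[dict[str, str]] = []
    for line in dns_log.splitlines():
        m = DNS_LINE_RE.search(line)
        if not m:
            continue
        indicator = matching_domain(m["qname"], iocs["domains"])
        if indicator:
            hits.append({"kind": "dns", "src": m["src"], "observed": m["qname"], "indicator": indicator})
    for line in hash_log.splitlines():
        m = HASH_LINE_RE.search(line)
        if m and m["sha"].lower() in iocs["sha256"]:
            hits.append({"kind": "file", "src": m["host"], "observed": m["path"], "indicator": m["sha"].lower()})
    return hits


if __name__ == "__main__":
    for hit in scan_logs(SAMPLE_DNS_LOG, SAMPLE_HASH_LOG, parse_pulse(PULSE_ROWS)):
        print(hit)
```

Two design points worth keeping when adapting this to a real SIEM: compare hashes case-insensitively (the log above carries the SHA-256 in upper case, the pulse in lower case), and do not let the parent-domain walk reach the public suffix, otherwise a single sloppy `domain` indicator such as a bare TLD would flag every query.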