███████╗██╗ ██╗██╗██╗ ███╗ ███╗██╗ ██╗████████╗███████╗██╗ ██╗ ██╔════╝██║ ██║██║██║ ████╗ ████║██║ ██║╚══██╔══╝██╔════╝╚██╗██╔╝ █████╗ ██║ ██║██║██║ ██╔████╔██║██║ ██║ ██║ █████╗ ╚███╔╝ ██╔══╝ ╚██╗ ██╔╝██║██║ ██║╚██╔╝██║██║ ██║ ██║ ██╔══╝ ██╔██╗ ███████╗ ╚████╔╝ ██║███████╗ ██║ ╚═╝ ██║╚██████╔╝ ██║ ███████╗██╔╝ ██╗ ╚══════╝ ╚═══╝ ╚═╝╚══════╝ ╚═╝ ╚═╝ ╚═════╝ ╚═╝ ╚══════╝╚═╝ ╚═╝

⚠

HelloXD

ransomware1 mutex signatures

[BASIC_INFORMATION]

FAMILY_NAME:

HelloXD

CATEGORY:

RANSOMWARE

DESCRIPTION:

HelloXD is a ransomware family that encrypts files and demands payment for decryption. It uses specific mutexes to ensure only one instance runs on the infected system and has been analyzed for its encryption techniques and ransom note characteristics.

TAGS:

file_encryptionransom_demandwindowsextortion

[MUTEX_SIGNATURES](1)

[MUTEX_01]

With best wishes And good intentions...

ANALYST: @adhikara13 DATE: 2024-12-19

REFERENCES:

https://unit42.paloaltonetworks.com/helloxd-ransomware/

[QUICK_ACTIONS]

[THREAT_INTELLIGENCE]

ATTRIBUTION:

⚠Unknown

FIRST_OBSERVED:

2024

[SIGMA_RULE]

[STATISTICS]

MUTEX_COUNT:1

THREAT_ACTORS:1

ALIASES:0

TAGS:4

CATEGORY:RANSOMWARE

Malware profile loaded successfully