General

  • Target

    sus-exe.zip

  • Size

    334KB

  • Sample

    240701-zx7azatcrp

  • MD5

    780a668dde72acdc97054a2b5d76f3b6

  • SHA1

    9a0b8b2bc24e24f16b53cd2a1c2e8fba3eb688d6

  • SHA256

    2b541f122ed0f9d8ba7112bb73472463c6ab449aa232b4a91ecd94e2af6099e5

  • SHA512

    e58f3033361e1e197f213438272afa036537253379e5eec6496049708ce568bcf9aa4cb511a2e0e65507998d46a5397f95aff870179b97b94fec18ee21d481cb

  • SSDEEP

    6144:eI0x8CCb77E0EclrtT4GtL2+pEhHm424dD/juPrDbXAtvursSwqI78vA7xVSBs/Z:m8CA7EWlrtT4Gk+pEhU4dDjujfXIuIUc

Malware Config

Targets

    • Target

      sus-exe/temp/start.exe

    • Size

      905KB

    • MD5

      f6e5f0ed974c89e2b4a47989fc987c79

    • SHA1

      1906b34b2b7b30abeea67cf5bd1bd895624d2702

    • SHA256

      d7ba9881345d71862a68080d210643e2c2d3e17fd13065385edcd3b3391898c3

    • SHA512

      f16de7dba20b7443b4c19bed4ed9e8ae82bda2b4b352cbac0aeddc26b18a583ccf8d6d8177fc061f69ea8789a2f224cafef3e01f670aa734695d2a31fc496275

    • SSDEEP

      6144:/I99bj5oxq4BhArStlw0vRK/NMMmJZ/76jOMFMJnUm5cOgdVzOTeE:7IStlw0vRK/6h/7tJnLhgXXE

    • Rhysida

      Rhysida is ransomware written in C++, first discovered in 2023.

    • Renames multiple (8617) files with an added filename extension

      This suggests ransomware activity: encrypting all the files on the system.

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

MITRE ATT&CK Enterprise v15