General

  • Target

    2024-07-02_f6e5f0ed974c89e2b4a47989fc987c79_rhysida

  • Size

    905KB

  • Sample

    240702-3vthwawema

  • MD5

    f6e5f0ed974c89e2b4a47989fc987c79

  • SHA1

    1906b34b2b7b30abeea67cf5bd1bd895624d2702

  • SHA256

    d7ba9881345d71862a68080d210643e2c2d3e17fd13065385edcd3b3391898c3

  • SHA512

    f16de7dba20b7443b4c19bed4ed9e8ae82bda2b4b352cbac0aeddc26b18a583ccf8d6d8177fc061f69ea8789a2f224cafef3e01f670aa734695d2a31fc496275

  • SSDEEP

    6144:/I99bj5oxq4BhArStlw0vRK/NMMmJZ/76jOMFMJnUm5cOgdVzOTeE:7IStlw0vRK/6h/7tJnLhgXXE

Malware Config

Targets

    • Rhysida

      Rhysida is ransomware written in C++ that was first discovered in 2023.

    • Renames multiple (8033) files with added filename extension

      This suggests ransomware activity: the encryption of all files on the system.

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

MITRE ATT&CK Enterprise v15

Tasks