Overview

overview

10

Static

static

3

2024-07-02...da.exe

windows7-x64

10

2024-07-02...da.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2024-07-02_d86383882515b7a9218d5f69924feadf_rhysida

  • Size

    905KB

  • Sample

    240702-bwpgrs1fqg

  • MD5

    d86383882515b7a9218d5f69924feadf

  • SHA1

    31183640972f2bc2e6906a271a88344201d37e4d

  • SHA256

    5b3a0b1b89ca463f56984cf67ea1719f1ddee770d1e14438e3fcf9b5301f2c83

  • SHA512

    f1761c4a3f4615f046644777c101545d86ff485eb01ce73d4042d0954368d32a651b3bc803b76f231d7d9beec1dc390e3732e4d310855e0f39ff3843e06cc757

  • SSDEEP

    6144:gI99bj5oxq4KhAQSdl70vRK/fMCmJZ/76jOMFMqnUqW5V4GVzOTeE:zbSdl70vRK/Ez/7tqnsD42XE

Score
10/10
rhysidaransomwarespywarestealer

Malware Config

Targets

    • Target

      2024-07-02_d86383882515b7a9218d5f69924feadf_rhysida

    • Size

      905KB

    • MD5

      d86383882515b7a9218d5f69924feadf

    • SHA1

      31183640972f2bc2e6906a271a88344201d37e4d

    • SHA256

      5b3a0b1b89ca463f56984cf67ea1719f1ddee770d1e14438e3fcf9b5301f2c83

    • SHA512

      f1761c4a3f4615f046644777c101545d86ff485eb01ce73d4042d0954368d32a651b3bc803b76f231d7d9beec1dc390e3732e4d310855e0f39ff3843e06cc757

    • SSDEEP

      6144:gI99bj5oxq4KhAQSdl70vRK/fMCmJZ/76jOMFMqnUqW5V4GVzOTeE:zbSdl70vRK/Ez/7tqnsD42XE

    Score
    10/10
    rhysidaransomwarespywarestealer

    • Rhysida

      Rhysida is a ransomware that is written in C++ and discovered in 2023.

      ransomwarerhysida

    • Renames multiple (8119) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

      ransomware

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks