rhysida | 6691e15f9f964cac735b0827ec7aeed3e74fb6d2042fc9b7cb8a80ff14f06f0d | Triage

Sharing

General

Target

Users.zip
Size

2.2MB
Sample

240707-ve3gvaxgmc
MD5

2c69b20049d1ef6083999ea8c05a73cd
SHA1

ba2d9fa1621dac5665a6c0c678eba24225c7e9af
SHA256

6691e15f9f964cac735b0827ec7aeed3e74fb6d2042fc9b7cb8a80ff14f06f0d
SHA512

0696e6f0734a5e9a51a3e07eb1ad925293b99808c071bb39a4eadacc1a3d491a6a42990caa4dab7a8b0b53b85d5232d8ed1882cb2d644d7b4cc10401a5586960
SSDEEP

49152:PIZEXI9RbgYXIMpE+qUmeANOD0k4cheKlE9cVnaFkV+Q:gZWSWvKzqUtDJ4cvlE9clEk3

Score

10^/10

rhysida ransomware spyware stealer

Malware Config

Targets

- Target
  
  Users/administrator/AppData/Local/Temp/report.exe
- Size
  
  906KB
- MD5
  
  6dd8c26f64df37d0c7645b63c9bba51f
- SHA1
  
  9e2d705afad61509a90fd07915d3925aa4a3d997
- SHA256
  
  a40b815afce131df6d4bc3f389cb64b742f545481119d3ecb78dda22e546a41a
- SHA512
  
  0eb26db5752c6806f8b6f51eb7f311154c6a0a3907563b4f144fc09159996ebb014432c0ed98090356ff9fcd88d3f360d3d4ddb97d0c77cc631c8d86de3006e7
- SSDEEP
  
  6144:EYdNbzC+2VEOxgtCoW0RlmQzr7cCJPBv7ameMF8DXUQa1xCSjOT:1iuCoW0RlmQzrQCBv76DXfoxCa
Score

10^/10

rhysida ransomware spyware stealer
- Rhysida
  Rhysida is a ransomware that is written in C++ and discovered in 2023.
  ransomware rhysida
- Renames multiple (8617) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1
- Target
  
  Users/chrisr_admin/AppData/Local/Temp/RarSFX0/Package.exe
- Size
  
  3.5MB
- MD5
  
  61e304b10372d4bf5bafaec842465e27
- SHA1
  
  abb987c90eb5e5da5c4eef3a1a4dbbb9b90993bf
- SHA256
  
  cb3983d8aa29f32fb49e356ecedf8b5d7a62eca3301b1912bd551e34cece8db2
- SHA512
  
  ec7d2233711ec0315a9c7302b1c74dbc05901f3fe3ada14392216aea4d7f102894750a5a07d98e2016682b35b79bfd7aa852e581aebc775136c0b2d6cd37b22d
- SSDEEP
  
  98304:r3868ohNKjSkreLRKTmVXYu530kJ7dtXGIzNLFLOAkGkzdnEVomFHKnPE2:rNU4LRbDdtXGIhFLOyomFHKnPx
Score

3^/10
behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Remote System Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

rhysidaransomwarespywarestealer

behavioral2