rhysida | a40b815afce131df6d4bc3f389cb64b742f545481119d3ecb78dda22e546a41a | Triage

Sharing

General

Target

a40b815afce131df6d4bc3f389cb64b742f545481119d3ecb78dda22e546a41a.exe
Size

906KB
Sample

241002-lg2tnasgpa
MD5

6dd8c26f64df37d0c7645b63c9bba51f
SHA1

9e2d705afad61509a90fd07915d3925aa4a3d997
SHA256

a40b815afce131df6d4bc3f389cb64b742f545481119d3ecb78dda22e546a41a
SHA512

0eb26db5752c6806f8b6f51eb7f311154c6a0a3907563b4f144fc09159996ebb014432c0ed98090356ff9fcd88d3f360d3d4ddb97d0c77cc631c8d86de3006e7
SSDEEP

6144:EYdNbzC+2VEOxgtCoW0RlmQzr7cCJPBv7ameMF8DXUQa1xCSjOT:1iuCoW0RlmQzrQCBv76DXfoxCa

Score

10^/10

rhysida credential_access discovery ransomware spyware stealer

Malware Config

Targets

- Target
  
  a40b815afce131df6d4bc3f389cb64b742f545481119d3ecb78dda22e546a41a.exe
- Size
  
  906KB
- MD5
  
  6dd8c26f64df37d0c7645b63c9bba51f
- SHA1
  
  9e2d705afad61509a90fd07915d3925aa4a3d997
- SHA256
  
  a40b815afce131df6d4bc3f389cb64b742f545481119d3ecb78dda22e546a41a
- SHA512
  
  0eb26db5752c6806f8b6f51eb7f311154c6a0a3907563b4f144fc09159996ebb014432c0ed98090356ff9fcd88d3f360d3d4ddb97d0c77cc631c8d86de3006e7
- SSDEEP
  
  6144:EYdNbzC+2VEOxgtCoW0RlmQzr7cCJPBv7ameMF8DXUQa1xCSjOT:1iuCoW0RlmQzrQCBv76DXfoxCa
Score

10^/10

rhysida credential_access discovery ransomware spyware stealer
- Detects Rhysida ransom note
- Rhysida
  Rhysida is a ransomware that is written in C++ and discovered in 2023.
  ransomware rhysida
- Renames multiple (8141) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Credentials from Password Stores: Windows Credential Manager
  Suspicious access to Credentials History.
  credential_access stealer
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Windows Credential Manager

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

Remote System Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

rhysidacredential_accessdiscoveryransomwarespywarestealer

behavioral2

rhysidacredential_accessdiscoveryransomwarespywarestealer