General
- Target: 258ddd78655ac0587f64d7146e52549115b67465302c0cbd15a0cba746f05595.exe
- Size: 418KB
- Sample: 241002-lg2tnasgpc
- MD5: 44c7d18633b5741db270a6bd378b6f3c
- SHA1: c1d41db1662289870d9b0172c53612b8a346a0e3
- SHA256: 258ddd78655ac0587f64d7146e52549115b67465302c0cbd15a0cba746f05595
- SHA512: 008befc95068a9b50a785aa84b9d2c446344cadf097241de658c9a810b4659a82e1a8edfc8c641b9237f2253d4980fe6b0a2c861b6c7883a82349815d9a34a3d
- SSDEEP: 6144:SOoLbiZZB2FpUJISUgJBJWR7UGRMFDLkSAGAR1LhT:cy9Z4R7iLBJAR1
Behavioral task: behavioral1
- Sample: 258ddd78655ac0587f64d7146e52549115b67465302c0cbd15a0cba746f05595.exe
- Resource: win7-20240903-en

Behavioral task: behavioral2
- Sample: 258ddd78655ac0587f64d7146e52549115b67465302c0cbd15a0cba746f05595.exe
- Resource: win10v2004-20240802-en
Malware Config

Targets
- Target: 258ddd78655ac0587f64d7146e52549115b67465302c0cbd15a0cba746f05595.exe
- Size: 418KB
- MD5: 44c7d18633b5741db270a6bd378b6f3c
- SHA1: c1d41db1662289870d9b0172c53612b8a346a0e3
- SHA256: 258ddd78655ac0587f64d7146e52549115b67465302c0cbd15a0cba746f05595
- SHA512: 008befc95068a9b50a785aa84b9d2c446344cadf097241de658c9a810b4659a82e1a8edfc8c641b9237f2253d4980fe6b0a2c861b6c7883a82349815d9a34a3d
- SSDEEP: 6144:SOoLbiZZB2FpUJISUgJBJWR7UGRMFDLkSAGAR1LhT:cy9Z4R7iLBJAR1
Signatures
- Detect Rhysida ransomware
- Renames multiple (731) files with added filename extension: this suggests ransomware activity of encrypting all the files on the system.
- Credentials from Password Stores: Windows Credential Manager: suspicious access to Credentials History.
- Drops startup file
- Hide Artifacts: Hidden Window: windows that would typically be displayed when an application carries out an operation can be hidden.
- Indicator Removal: File Deletion: adversaries may delete files left behind by the actions of their intrusion activity.
- Sets desktop wallpaper using registry
MITRE ATT&CK Enterprise v15

Defense Evasion
- Hide Artifacts (2)
  - Hidden Window (1)
  - Ignore Process Interrupts (1)
- Indicator Removal (1)
  - File Deletion (1)
- Modify Registry (1)