General
-
Target
5b3a0b1b89ca463f56984cf67ea1719f1ddee770d1e14438e3fcf9b5301f2c83.exe
-
Size
905KB
-
Sample
241002-sblntawcmf
-
MD5
d86383882515b7a9218d5f69924feadf
-
SHA1
31183640972f2bc2e6906a271a88344201d37e4d
-
SHA256
5b3a0b1b89ca463f56984cf67ea1719f1ddee770d1e14438e3fcf9b5301f2c83
-
SHA512
f1761c4a3f4615f046644777c101545d86ff485eb01ce73d4042d0954368d32a651b3bc803b76f231d7d9beec1dc390e3732e4d310855e0f39ff3843e06cc757
-
SSDEEP
6144:gI99bj5oxq4KhAQSdl70vRK/fMCmJZ/76jOMFMqnUqW5V4GVzOTeE:zbSdl70vRK/Ez/7tqnsD42XE
Static task
static1
Behavioral task
behavioral1
Sample
5b3a0b1b89ca463f56984cf67ea1719f1ddee770d1e14438e3fcf9b5301f2c83.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
5b3a0b1b89ca463f56984cf67ea1719f1ddee770d1e14438e3fcf9b5301f2c83.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
Target
5b3a0b1b89ca463f56984cf67ea1719f1ddee770d1e14438e3fcf9b5301f2c83.exe
-
Detects Rhysida ransom note
-
Renames multiple (8145) files with added filename extension
This suggests ransomware activity, encrypting all the files on the system.
-
Credentials from Password Stores: Windows Credential Manager
Suspicious access to Credentials History.
-
Drops startup file
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores (2)
Credentials from Web Browsers (1)
Windows Credential Manager (1)
Unsecured Credentials (1)
Credentials In Files (1)