Overview

overview

10

Static

static

10

9097ab2b2b...b8.exe

windows7-x64

10

9097ab2b2b...b8.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9097ab2b2b71f3ea0cf8c9271224b6227e9aa2545ae23d4621f122bdb99c77b8.exe

  • Size

    1.2MB

  • Sample

    241003-b63r5syaqr

  • MD5

    54416fc42afa9b09ea7e8d8e318f4891

  • SHA1

    8c924431049191e763a14503517a9583f070fdeb

  • SHA256

    9097ab2b2b71f3ea0cf8c9271224b6227e9aa2545ae23d4621f122bdb99c77b8

  • SHA512

    1ce45889054522a9277ebbd012f20dfe4039feafe5e25a0c9c5293dce867aa06e5550606191a8ce876a6307ffbdba3af41013f1c546cf3c4560827b99a98873a

  • SSDEEP

    24576:RtP7hdO1s6Ekgcec1SgnyN9HPFCCNhQI6GOfaFVIVrYwcMavDiZn3m75/J7:XLO18kgcec0gnyN9HPFCCNSI6GOfaFVp

Score
10/10
rhysidacredential_accessdefense_evasiondiscoveryexecutionransomwarespywarestealer

Malware Config

Targets

    • Target

      9097ab2b2b71f3ea0cf8c9271224b6227e9aa2545ae23d4621f122bdb99c77b8.exe

    • Size

      1.2MB

    • MD5

      54416fc42afa9b09ea7e8d8e318f4891

    • SHA1

      8c924431049191e763a14503517a9583f070fdeb

    • SHA256

      9097ab2b2b71f3ea0cf8c9271224b6227e9aa2545ae23d4621f122bdb99c77b8

    • SHA512

      1ce45889054522a9277ebbd012f20dfe4039feafe5e25a0c9c5293dce867aa06e5550606191a8ce876a6307ffbdba3af41013f1c546cf3c4560827b99a98873a

    • SSDEEP

      24576:RtP7hdO1s6Ekgcec1SgnyN9HPFCCNhQI6GOfaFVIVrYwcMavDiZn3m75/J7:XLO18kgcec0gnyN9HPFCCNSI6GOfaFVp

    Score
    10/10
    rhysidacredential_accessdefense_evasiondiscoveryexecutionransomwarespywarestealer

    • Detect Rhysida ransomware

    • Rhysida

      Rhysida is a ransomware that is written in C++ and discovered in 2023.

      ransomwarerhysida

    • Renames multiple (722) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

      ransomware

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

      execution

    • Credentials from Password Stores: Windows Credential Manager

      Suspicious access to Credentials History.

      credential_accessstealer

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Hide Artifacts: Hidden Window

      Windows that would typically be displayed when an application carries out an operation can be hidden.

      defense_evasion

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

      defense_evasion

    • Sets desktop wallpaper using registry

      ransomware
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks