rhysida | b183b142d3c4e99ee07c3407b82858146fa61ded95be2e67ce920c8002309fb0 | Triage

Sharing

General

Target

b183b142d3c4e99ee07c3407b82858146fa61ded95be2e67ce920c8002309fb0.exe
Size

906KB
Sample

241003-cdjz1asdna
MD5

7cfba113342f78b5909f606c26fc1dc4
SHA1

f9e65f0cb46128bdc218053e1549c5e584ab6cd5
SHA256

b183b142d3c4e99ee07c3407b82858146fa61ded95be2e67ce920c8002309fb0
SHA512

9339d2b22b074f0357dd1319d02e6675394bb6c9fbd5d6ac51bc5554c95b5d0044bf05e0c3626c4f79f9c0a48dcb0a4063a32cdd99531ee8071491b661cc24d2
SSDEEP

6144:BYdNbzC+2VEIxgYClW0ClmQzrAczJPBv7ameMF87XUPwfO+jOT:SkLClW0ClmQzrtFBv767XcoO+

Score

10^/10

rhysida credential_access discovery ransomware spyware stealer

Malware Config

Targets

- Target
  
  b183b142d3c4e99ee07c3407b82858146fa61ded95be2e67ce920c8002309fb0.exe
- Size
  
  906KB
- MD5
  
  7cfba113342f78b5909f606c26fc1dc4
- SHA1
  
  f9e65f0cb46128bdc218053e1549c5e584ab6cd5
- SHA256
  
  b183b142d3c4e99ee07c3407b82858146fa61ded95be2e67ce920c8002309fb0
- SHA512
  
  9339d2b22b074f0357dd1319d02e6675394bb6c9fbd5d6ac51bc5554c95b5d0044bf05e0c3626c4f79f9c0a48dcb0a4063a32cdd99531ee8071491b661cc24d2
- SSDEEP
  
  6144:BYdNbzC+2VEIxgYClW0ClmQzrAczJPBv7ameMF87XUPwfO+jOT:SkLClW0ClmQzrtFBv767XcoO+
Score

10^/10

rhysida credential_access discovery ransomware spyware stealer
- Detects Rhysida ransom note
- Rhysida
  Rhysida is a ransomware that is written in C++ and discovered in 2023.
  ransomware rhysida
- Renames multiple (8159) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Credentials from Password Stores: Windows Credential Manager
  Suspicious access to Credentials History.
  credential_access stealer
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Windows Credential Manager

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

Remote System Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

rhysidacredential_accessdiscoveryransomwarespywarestealer

behavioral2

rhysidacredential_accessdiscoveryransomwarespywarestealer