Overview

overview

10

Static

static

10

d5c2f87033...ee.exe

windows7-x64

10

d5c2f87033...ee.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d5c2f87033a5baeeb1b5b681f2c4a156ff1c05ccd1bfdaf6eae019fc4d5320ee.exe

  • Size

    417KB

  • Sample

    241003-cl5lnsyhmr

  • MD5

    1e256229b58061860be8dbf0dc4fe67e

  • SHA1

    338d4f4ec714359d589918cee1adad12ef231907

  • SHA256

    d5c2f87033a5baeeb1b5b681f2c4a156ff1c05ccd1bfdaf6eae019fc4d5320ee

  • SHA512

    7f53533d04e2b11bd98d92da91eb541f90239dba25d609d7f32c070a6003604a5e6a8ab75252a3db59e42a699b835eb580d95098ce72cc9c7a0e9ef75311f283

  • SSDEEP

    6144:MmY7bSLzf+AZ0uAF+rJ267j0MCMF0oko84zgtdcZk+DoQPT:zgT67ko/r0t6K

Score
10/10
rhysidacredential_accessdefense_evasiondiscoveryexecutionransomwarespywarestealer

Malware Config

Targets

    • Target

      d5c2f87033a5baeeb1b5b681f2c4a156ff1c05ccd1bfdaf6eae019fc4d5320ee.exe

    • Size

      417KB

    • MD5

      1e256229b58061860be8dbf0dc4fe67e

    • SHA1

      338d4f4ec714359d589918cee1adad12ef231907

    • SHA256

      d5c2f87033a5baeeb1b5b681f2c4a156ff1c05ccd1bfdaf6eae019fc4d5320ee

    • SHA512

      7f53533d04e2b11bd98d92da91eb541f90239dba25d609d7f32c070a6003604a5e6a8ab75252a3db59e42a699b835eb580d95098ce72cc9c7a0e9ef75311f283

    • SSDEEP

      6144:MmY7bSLzf+AZ0uAF+rJ267j0MCMF0oko84zgtdcZk+DoQPT:zgT67ko/r0t6K

    Score
    10/10
    rhysidacredential_accessdefense_evasiondiscoveryexecutionransomwarespywarestealer

    • Detect Rhysida ransomware

    • Rhysida

      Rhysida is a ransomware that is written in C++ and discovered in 2023.

      ransomwarerhysida

    • Renames multiple (705) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

      ransomware

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

      execution

    • Credentials from Password Stores: Windows Credential Manager

      Suspicious access to Credentials History.

      credential_accessstealer

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Hide Artifacts: Hidden Window

      Windows that would typically be displayed when an application carries out an operation can be hidden.

      defense_evasion

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

      defense_evasion

    • Sets desktop wallpaper using registry

      ransomware
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks