General

  • Target

    a40b815afce131df6d4bc3f389cb64b742f545481119d3ecb78dda22e546a41a.exe

  • Size

    906KB

  • Sample

    241013-vtrznaxhrh

  • MD5

    6dd8c26f64df37d0c7645b63c9bba51f

  • SHA1

    9e2d705afad61509a90fd07915d3925aa4a3d997

  • SHA256

    a40b815afce131df6d4bc3f389cb64b742f545481119d3ecb78dda22e546a41a

  • SHA512

    0eb26db5752c6806f8b6f51eb7f311154c6a0a3907563b4f144fc09159996ebb014432c0ed98090356ff9fcd88d3f360d3d4ddb97d0c77cc631c8d86de3006e7

  • SSDEEP

    6144:EYdNbzC+2VEOxgtCoW0RlmQzr7cCJPBv7ameMF8DXUQa1xCSjOT:1iuCoW0RlmQzrQCBv76DXfoxCa

Malware Config

Targets

    • Target

      a40b815afce131df6d4bc3f389cb64b742f545481119d3ecb78dda22e546a41a.exe

    • Size

      906KB

    • MD5

      6dd8c26f64df37d0c7645b63c9bba51f

    • SHA1

      9e2d705afad61509a90fd07915d3925aa4a3d997

    • SHA256

      a40b815afce131df6d4bc3f389cb64b742f545481119d3ecb78dda22e546a41a

    • SHA512

      0eb26db5752c6806f8b6f51eb7f311154c6a0a3907563b4f144fc09159996ebb014432c0ed98090356ff9fcd88d3f360d3d4ddb97d0c77cc631c8d86de3006e7

    • SSDEEP

      6144:EYdNbzC+2VEOxgtCoW0RlmQzr7cCJPBv7ameMF8DXUQa1xCSjOT:1iuCoW0RlmQzrQCBv76DXfoxCa

    • Detects Rhysida ransom note

    • Rhysida

      Rhysida is a ransomware that is written in C++ and discovered in 2023.

    • Renames multiple (8129) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Credentials from Password Stores: Windows Credential Manager

      Suspicious access to Credentials History.

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

MITRE ATT&CK Enterprise v15

Tasks