General
Target: a40b815afce131df6d4bc3f389cb64b742f545481119d3ecb78dda22e546a41a.exe
Size: 906KB
Sample: 241013-vtrznaxhrh
MD5: 6dd8c26f64df37d0c7645b63c9bba51f
SHA1: 9e2d705afad61509a90fd07915d3925aa4a3d997
SHA256: a40b815afce131df6d4bc3f389cb64b742f545481119d3ecb78dda22e546a41a
SHA512: 0eb26db5752c6806f8b6f51eb7f311154c6a0a3907563b4f144fc09159996ebb014432c0ed98090356ff9fcd88d3f360d3d4ddb97d0c77cc631c8d86de3006e7
SSDEEP: 6144:EYdNbzC+2VEOxgtCoW0RlmQzr7cCJPBv7ameMF8DXUQa1xCSjOT:1iuCoW0RlmQzrQCBv76DXfoxCa
Static task: static1
Behavioral task: behavioral1
  Sample: a40b815afce131df6d4bc3f389cb64b742f545481119d3ecb78dda22e546a41a.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: a40b815afce131df6d4bc3f389cb64b742f545481119d3ecb78dda22e546a41a.exe
  Resource: win10v2004-20241007-en
Malware Config
Targets
Target: a40b815afce131df6d4bc3f389cb64b742f545481119d3ecb78dda22e546a41a.exe
Size: 906KB
- Detects Rhysida ransom note
- Renames multiple (8129) files with added filename extension
  This suggests ransomware activity: the files on the system are being encrypted.
- Credentials from Password Stores: Windows Credential Manager
  Suspicious access to Credentials History.
- Drops startup file
MITRE ATT&CK Enterprise v15
Credential Access
  Credentials from Password Stores (2)
    Credentials from Web Browsers (1)
    Windows Credential Manager (1)
  Unsecured Credentials (1)
    Credentials In Files (1)