rhysida | 3c3db3c02a4d04dcafdc71adb8779b787d31142ffeb9ae0e638f979594897cbf[.]exe | Triage

Sharing

General

Target

3c3db3c02a4d04dcafdc71adb8779b787d31142ffeb9ae0e638f979594897cbf.exe
Size

497KB
MD5

93be893ff74816c49f2706f222789027
SHA1

80de2a5d57c25794a4a379f592621336465edb32
SHA256

3c3db3c02a4d04dcafdc71adb8779b787d31142ffeb9ae0e638f979594897cbf
SHA512

ce3abd5176e6d36daab4144c434e0ab51ecc7d8b7e772cfc4b0f8843684a80a167c1399e37b2524dbff3d2099e7a20d291f643fb65ff378e9e5ac9dc527499c7
SSDEEP

6144:6gVoyb9e9BhzGcIo6gCJv47raqMFdiksMi9agtuMf9opaiYOmDdnT:Vom47ciTt9agUG9oCOmD

Score

10^/10

rhysida

Malware Config

Signatures

Detect Rhysida ransomware 1 IoCs

resource	yara_rule
sample	family_rhysida

Rhysida family
rhysida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3c3db3c02a4d04dcafdc71adb8779b787d31142ffeb9ae0e638f979594897cbf.exe

Files

3c3db3c02a4d04dcafdc71adb8779b787d31142ffeb9ae0e638f979594897cbf.exe
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 296KB - Virtual size: 296KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 33KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE