General
- Target: Rhysida.7z
- Size: 165KB
- Sample: 250330-bvz7wazjt9
- MD5: bced1d7881b3d1acdb363ccf98ab054a
- SHA1: 21e01470d0de1f2468dc24038cf2cea26f318adc
- SHA256: 84a17795e393b244326630d0665d6c38762facb8664b90615276316f259a513f
- SHA512: ac2bc044a3800e0cd69ed6d745fe843e913338bec7ecb9d0f4183eed0e880f56dfa362e8be534b93575f47ef6f180528b7868bb735174b3fd6e011c35c34ef0d
- SSDEEP: 3072:6nVf3ZmJHyYUsPEaWw0UeBfu0ydHuefdhLiFqomWBzafniNj2KSNwP0xY5ZSi:6lARyoZWwtFdnCqomWByZNwcxYKi
Behavioral tasks (each runs the same sample, 3518195c256aa940c607f8534c91b5a9cd453c7417810de3cd4d262e2906d24f.exe, on a different resource)
- behavioral1: win7-20241010-en
- behavioral2: win10v2004-20250314-en
- behavioral3: win10ltsc2021-20250314-en
- behavioral4: win11-20250314-en
Targets
- Target: 3518195c256aa940c607f8534c91b5a9cd453c7417810de3cd4d262e2906d24f.exe
- Size: 421KB
- MD5: 2b825ea77e240d2ab6b6695a602cb07c
- SHA1: ae6eb3cce06f666934e03dd46269526e56aff3b1
- SHA256: 3518195c256aa940c607f8534c91b5a9cd453c7417810de3cd4d262e2906d24f
- SHA512: f2029aec439f4727e96436390027e100df521cd6557797a17d50f82335487b2a91ddc04dbd18fb8df96b3deea776ecf429321a55401b7739b1b4979b58db7e39
- SSDEEP: 6144:/u+2b7RNhPmrpQRF/2lfhOJoe7NzgMFgTkoQj6RgLaDMT:nGyRe7STng6KaD
- Detect Rhysida ransomware
- Rhysida family
- Renames multiple (698) files with added filename extension. This suggests ransomware activity: encrypting all the files on the system.
- Credentials from Password Stores: Windows Credential Manager. Suspicious access to Credentials History.
- Drops startup file
- Hide Artifacts: Hidden Window. Windows that would typically be displayed when an application carries out an operation can be hidden.
- Indicator Removal: Clear Persistence. Clears artifacts associated with previously established persistence, such as scheduled tasks, on a host.
- Sets desktop wallpaper using registry
MITRE ATT&CK Enterprise v15 (count of matching signatures in parentheses)
Defense Evasion
  Hide Artifacts (1)
    Hidden Window (1)
  Indicator Removal (1)
    Clear Persistence (1)
  Modify Registry (1)
Credential Access
  Credentials from Password Stores (2)
    Credentials from Web Browsers (1)
    Windows Credential Manager (1)
  Unsecured Credentials (1)
    Credentials In Files (1)