Overview

overview

10

Static

static

10

67a78b39e7...a5.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    67a78b39e760e3460a135a7e4fa096ab6ce6b013658103890c866d9401928ba5.exe

  • Size

    1.2MB

  • Sample

    250412-q65ztswkw3

  • MD5

    67edfff8250487d97f403c74fed85388

  • SHA1

    f20bc8af34dd292e017caf4d42dd95d0cdc08792

  • SHA256

    67a78b39e760e3460a135a7e4fa096ab6ce6b013658103890c866d9401928ba5

  • SHA512

    6d6e7ac43b04a1e129fb4a2b9dd2427745a0af32eb02ec4f8a612567356ac2e7e54977ede134b9650da4b5159ab28fb6decb067bd8889253d8fe04343ab52797

  • SSDEEP

    24576:utP7hdO1s6Skscec1SgnyN9HPFCCNhQI6GOfaFVIVrYwcMavDiZn3m75/J7:gLO1qkscec0gnyN9HPFCCNSI6GOfaFVp

Score
10/10
rhysidacredential_accessdefense_evasiondiscoveryexecutionransomwarespywarestealer

Malware Config

Targets

    • Target

      67a78b39e760e3460a135a7e4fa096ab6ce6b013658103890c866d9401928ba5.exe

    • Size

      1.2MB

    • MD5

      67edfff8250487d97f403c74fed85388

    • SHA1

      f20bc8af34dd292e017caf4d42dd95d0cdc08792

    • SHA256

      67a78b39e760e3460a135a7e4fa096ab6ce6b013658103890c866d9401928ba5

    • SHA512

      6d6e7ac43b04a1e129fb4a2b9dd2427745a0af32eb02ec4f8a612567356ac2e7e54977ede134b9650da4b5159ab28fb6decb067bd8889253d8fe04343ab52797

    • SSDEEP

      24576:utP7hdO1s6Skscec1SgnyN9HPFCCNhQI6GOfaFVIVrYwcMavDiZn3m75/J7:gLO1qkscec0gnyN9HPFCCNSI6GOfaFVp

    Score
    10/10
    rhysidacredential_accessdefense_evasiondiscoveryexecutionransomwarespywarestealer

    • Detect Rhysida ransomware

    • Rhysida

      Rhysida is a ransomware that is written in C++ and discovered in 2023.

      ransomwarerhysida

    • Rhysida family

      rhysida

    • Renames multiple (2380) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

      ransomware

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

      execution

    • Credentials from Password Stores: Windows Credential Manager

      Suspicious access to Credentials History.

      credential_accessstealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Hide Artifacts: Hidden Window

      Windows that would typically be displayed when an application carries out an operation can be hidden.

      defense_evasion

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

      defense_evasion

    • Sets desktop wallpaper using registry

      ransomware
    behavioral1

MITRE ATT&CK Enterprise v16

Tasks