rhysida | 5f4817219131e33567ece753af986f600a5b51d22d50de5ac80765cf817a9eff | Triage

Sharing

General

Target

0cf5491278c7d87e8c3fc88c7f9f26ff.bin
Size

324KB
Sample

250414-bcw3hawms7
MD5

84d74b3fd9ff1393c900abeb2b11e5cc
SHA1

0f291851d5bcdae7796d3835a5117566cf2fe410
SHA256

5f4817219131e33567ece753af986f600a5b51d22d50de5ac80765cf817a9eff
SHA512

f77b59c8cfd0764644939979e2e1a0ebc6c107eb5048fd6720b00b139df252bb23cf2b079e11736593ff9bcd6b0723c9e706137a5f4b11f0d8e779393903e9f2
SSDEEP

6144:aEj/YCKXQyt+pjDyMKfQobbP7gE/Gi6VHs2/iPQpf+J9tU6TpKEAFM:5bYCKrGjDyMoQ0j7faMVQpfOtU7EsM

Score

10^/10

rhysida credential_access discovery ransomware spyware stealer

Malware Config

Targets

- Target
  
  9ddb239d7c1ca00e5cf13cd6b1f816bdba30792b1f26cef2ca807336bd0b3802.exe
- Size
  
  908KB
- MD5
  
  0cf5491278c7d87e8c3fc88c7f9f26ff
- SHA1
  
  db1d9f161f331d07bbb626acf7d4f8f6e1a2c742
- SHA256
  
  9ddb239d7c1ca00e5cf13cd6b1f816bdba30792b1f26cef2ca807336bd0b3802
- SHA512
  
  6bda8ea0fe42eb032d0c81e49e7c1a3d8d321185615bae41aca265b53d63191274c8ec6b646663668ab78d4b4ed5986ca73fcd85c2e212cde075d324f5a2c66f
- SSDEEP
  
  6144:xcQQbTJ0huBKxmueLQ320SlmQ2Gz3bJo47/T8MF3KSUEtQGG4P4T:bqLQ320SlmQ2GzW47vKSry14P
Score

10^/10

rhysida credential_access discovery ransomware spyware stealer
- Detects Rhysida ransom note
- Rhysida
  Rhysida is a ransomware that is written in C++ and discovered in 2023.
  ransomware rhysida
- Rhysida family
  rhysida
- Renames multiple (9639) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Credentials from Password Stores: Windows Credential Manager
  Suspicious access to Credentials History.
  credential_access stealer
- Deletes itself
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Windows Credential Manager

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

rhysidacredential_accessdiscoveryransomwarespywarestealer