General
-
Target
Sigmanly_fac561bb0f072d29fe6f8ee6072c905a
-
Size
353KB
-
Sample
250414-s7sf8szny3
-
MD5
fac561bb0f072d29fe6f8ee6072c905a
-
SHA1
da29dc6bd9ba38d11d46665e42bed7d5c35f48fc
-
SHA256
3d2013c2ba0aa1c0475cab186ddf3d9005133fe5f88b5d8604b46673b96a40d8
-
SHA512
0b5dcabd10c9cadbe6b98c3814a73a3d9f285578869821493d6cd7a87d1cdd1144de7a77dce1360b95c4ef0f96895a6f04c9dbbf15a3177866e9c2883b35727d
-
SSDEEP
6144:heigHPKpV1hH/lRLIRsdyhFNnofZwnADhY+xlgVv3M:UigHUz9lRvyLtiwnZ+xKU
Malware Config
Targets
-
-
Target
Sigmanly_fac561bb0f072d29fe6f8ee6072c905a
-
Size
353KB
-
MD5
fac561bb0f072d29fe6f8ee6072c905a
-
SHA1
da29dc6bd9ba38d11d46665e42bed7d5c35f48fc
-
SHA256
3d2013c2ba0aa1c0475cab186ddf3d9005133fe5f88b5d8604b46673b96a40d8
-
SHA512
0b5dcabd10c9cadbe6b98c3814a73a3d9f285578869821493d6cd7a87d1cdd1144de7a77dce1360b95c4ef0f96895a6f04c9dbbf15a3177866e9c2883b35727d
-
SSDEEP
6144:heigHPKpV1hH/lRLIRsdyhFNnofZwnADhY+xlgVv3M:UigHUz9lRvyLtiwnZ+xKU
Score10/10-
Detect Rhysida ransomware
-
Rhysida
Rhysida is a ransomware that is written in C++ and discovered in 2023.
-
Rhysida family
-
Clears Windows event logs
-
Renames multiple (9700) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Command and Scripting Interpreter: PowerShell
Run Powershell and hide display window.
-
Credentials from Password Stores: Windows Credential Manager
Suspicious access to Credentials History.
-
Drops startup file
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Hide Artifacts: Hidden Window
Windows that would typically be displayed when an application carries out an operation can be hidden.
-
Indicator Removal: Clear Persistence
Clear artifacts associated with previously established persistence like scheduletasks on a host.
-
Power Settings
powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.
-
Sets desktop wallpaper using registry
-
MITRE ATT&CK Enterprise v16
Defense Evasion
Hide Artifacts
1Hidden Window
1Indicator Removal
2Clear Persistence
1Clear Windows Event Logs
1Modify Registry
1Credential Access
Credentials from Password Stores
2Credentials from Web Browsers
1Windows Credential Manager
1Unsecured Credentials
1Credentials In Files
1