In March and April 2023, cybersecurity firm Trend Micro discovered a new type of ransomware called Rapture, which targets its victims with a minimalistic approach, using tools that leave only a minimal footprint behind.


This malware was found to have similarities with the Paradise ransomware, but with some distinct differences in behavior.

The attackers behind Rapture used an RSA key configuration file similar to the one used by Paradise, but also packed the ransomware with Themida, a commercial packer, to make analysis more difficult. Rapture requires at least .NET Framework 4.0 to execute properly, which suggests a further similarity with Paradise, which is known to be compiled as a .NET executable.


Rapture's minimalistic approach is particularly concerning because it can make it harder for security software to detect the ransomware and prevent it from executing. Because it is designed to leave only a minimal footprint behind, the malware is also harder to detect and analyze.


Indicators of Compromise

SHA256/IP