Overview

overview

10

Static

static

xxx.exe

windows7-x64

10

xxx.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    xxx.7z

  • Size

    257KB

  • Sample

    221019-ednpasfbcl

  • MD5

    0849376c20ac59821d4fcbe48d459d34

  • SHA1

    fc59d2311d593dbe76ea3fd0d651af2bca1fd539

  • SHA256

    a1170d5003d5cbc316866c42a872776c9bf6debf3b0accd93f284e155d80a01a

  • SHA512

    f2ee6433262af88fefe87f8e567cd7cbeec5ecb79f523feb0304ce2c8499cc6e1cab5f420756e91d6192f2a7935565968e40ad670211462ecd9abdf86fc5999e

  • SSDEEP

    6144:5OCohbQXZszxgRbAAUwd2PsKzE0bPVsPakhsN5FCRt:LEHzxgR8rwdkpokV0sNjCRt

Score
10/10
playransomwarespywarestealer

Malware Config

Targets

    • Target

      xxx.exe

    • Size

      673KB

    • MD5

      2e8897ef38d4abe4861360a4b6e895d5

    • SHA1

      f668b1110d8a6b1a3f638fd8a6276a7a1efe18db

    • SHA256

      952fec5f9e7137951700d7e4239728f903e360b3fdb0332deb9448bdc31c2f3f

    • SHA512

      02d7fe9141b25c74fb4721fa5cba6030cae671ec159987e1e0c95eee65fd5185586b0101af63e36f788cf8b7fc7044018e059301b17e5e63e68564d31f3610b8

    • SSDEEP

      12288:fjVr5+jJNj0H5zPYXADL1vpQ/ywpll/nh:fjB5WJOH5DYXAlvMyUJn

    Score
    10/10
    playransomwarespywarestealer

    • PLAY Ransomware, PlayCrypt

      Ransomware family first seen in mid 2022.

      ransomwareplay

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

      ransomware

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks