General

  • Target

    play1.exe

  • Size

    501KB

  • Sample

    230605-y79cmsaf88

  • MD5

    99f06260f5704409d6e2dfd938f537a7

  • SHA1

    36bbefd6e70d4b4fa47cb75a255159d8033e2a23

  • SHA256

    069a4348b28a37bf88f1c5b4385e202a3a08d43075d307e66489842273acd1b6

  • SHA512

    110b506562782de8494b2ab5662bd5ad1ad38b0f4e33ee7e289187f7eed7794d86b3c417eecaade937788c50c161cf0f4ca7962a6467c3534707f125856b8fa4

  • SSDEEP

    6144:X5p+lJPqveiFZNBf2ogKxdd+i8J/I4JQy/6UqyS+vo/V2IhAD25lSN:J0amid5gBZL/6UzN5Ihy6SN

Malware Config

Targets

    • PLAY Ransomware, PlayCrypt

      Ransomware family first seen in mid-2022.

    • Renames multiple (8354) files with added filename extension

      This pattern suggests ransomware activity, i.e. the encryption of all files on the system.

    • Renames multiple (8441) files with added filename extension

      This pattern suggests ransomware activity, i.e. the encryption of all files on the system.

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v6

Tasks