General

  • Target

    47bfa21aaf31f2c1612e395db37b7677

  • Size

    458KB

  • Sample

    230626-dvt2zaha71

  • MD5

    47bfa21aaf31f2c1612e395db37b7677

  • SHA1

    5e3d89fa4bd4dae17823d72851ec89d3311ce4fb

  • SHA256

    06b4e7dfa6c53b7e6248f14fec59506f410101311941600dd75c88441912b1c7

  • SHA512

    8f552e547e11776de335045e4d1c7de87e877e0daeea146869a9a30cc8bc12f033fef21c0aa09202903ec5b17a747bcca4a2124d7e68757a68caaf66b6e5de29

  • SSDEEP

    6144:d7M6AY6fGlV0okVP3P4yfQmFKMUhhtpqr81fhKUqmLzmZuGVPhRlKwp+:dsQlV0pVP3gocJqrs3qPZuQtp+

Malware Config

Targets

    • Target

      47bfa21aaf31f2c1612e395db37b7677

    • PLAY Ransomware, PlayCrypt

      Ransomware family first seen in mid-2022.

    • Renames multiple (8337) files with added filename extension

      This suggests ransomware activity: encrypting all of the files on the system.

    • Renames multiple (8428) files with added filename extension

      This suggests ransomware activity: encrypting all of the files on the system.

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v6

Tasks