General

  • Target

    ZYu4eR.exe.zip

  • Size

    236KB

  • Sample

    230925-mhdznaff82

  • MD5

    983ef679211df94aa10d89e297935549

  • SHA1

    e4b0cb491f84988a8bde4e1159d986a00c1bab7c

  • SHA256

    52480d0a016e6df93f58ecc9a6e8d42177bd35e393406d464426a0951e206a36

  • SHA512

    9eba7710d16c179b9d79c22183def8688f7cb7b7175e16253c85fd063253c9a7ebd07f327491d01a7b85b4b84b77c7a72b4389b92b514901342dbdadb8e2dda0

  • SSDEEP

    6144:gbrN9uXw3EUgZRMrAZeuAfZ5BKbWnU76ANhJrlef:gjR3YMrAZEZ5BKbWU76ANhNlef

Malware Config

Targets

    • Target

      ZYu4eR.exe

    • Size

      458KB

    • MD5

      a7220cc1827fca75b6e74efe59a8ea77

    • SHA1

      836c066fff10ad423134f863528f4ec3d3e95962

    • SHA256

      731457e4704d299b353e802b72a6908dfa2124cbb5130b8cb9a943c6be6bcdc6

    • SHA512

      90cda9290fbc28187da837c4829fa1cd0084a58c87e58b6ddb0e70340b334507233bc0ab2c858462824e21babaaf2118dee68513e5c87fa7126d46bce5d38b21

    • SSDEEP

      6144:4/MZO4aLcwC0IEVvO2UcxnwMSKY3m5MzrTV/yqUKmLzmZhbVPcK7lKWp+:4XiwC0pVvOwxSCirEXKPZh+Kdp+

    • PLAY Ransomware, PlayCrypt

      Ransomware family first seen in mid-2022.

    • Renames multiple (8319) files with added filename extension

      A large number of renames that keep the original filename and append a new extension is characteristic of ransomware encrypting files across the system.

    • Reads user/profile data of web browsers

      Infostealers commonly read stored browser profile data, which can include saved credentials and session cookies.

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
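
The "renames multiple files with added filename extension" signature above is a counting heuristic over the sandbox's filesystem trace. The following is an added example of that heuristic, written for this page and not code from the sandbox or the report: it walks a list of (source, destination) rename events, keeps only those where the destination is the source filename with a suffix appended in the same directory, and flags a suffix once it has been applied to enough files in enough directories. The paths, the ".locked" suffix and the thresholds are constructed for the example; the report itself does not name the extension the sample appended.

```python
"""Mass-rename heuristic: count renames that append a new extension to
the original filename, grouped by the appended suffix."""
from collections import Counter, defaultdict
from typing import Optional
import ntpath

# Constructed sample of rename events (source, destination) in the shape a
# sandbox filesystem trace records them. These paths and the ".locked"
# suffix are made up for this example and are not from the report.
SAMPLE_RENAMES = [
    ("C:\\Users\\victim\\Documents\\budget.xlsx",
     "C:\\Users\\victim\\Documents\\budget.xlsx.locked"),
    ("C:\\Users\\victim\\Documents\\report.docx",
     "C:\\Users\\victim\\Documents\\report.docx.locked"),
    ("C:\\Users\\victim\\Pictures\\holiday.jpg",
     "C:\\Users\\victim\\Pictures\\holiday.jpg.locked"),
    ("D:\\share\\contracts\\msa.pdf",
     "D:\\share\\contracts\\msa.pdf.locked"),
    # Benign renames that must not count: a download finishing (suffix
    # removed), a move between directories, and an extension change.
    ("C:\\Users\\victim\\Downloads\\setup.exe.part",
     "C:\\Users\\victim\\Downloads\\setup.exe"),
    ("C:\\Users\\victim\\Desktop\\notes.txt",
     "C:\\Users\\victim\\Documents\\notes.txt"),
    ("C:\\Users\\victim\\Desktop\\draft.txt",
     "C:\\Users\\victim\\Desktop\\draft.md"),
]


def added_extension(src: str, dst: str) -> Optional[str]:
    """Return the suffix appended to src's filename if dst is src plus a
    new extension in the same directory, otherwise None."""
    src_dir, src_name = ntpath.split(src)
    dst_dir, dst_name = ntpath.split(dst)
    if src_dir.lower() != dst_dir.lower():
        return None  # moved elsewhere, not an in-place rename
    if not dst_name.startswith(src_name):
        return None  # original name not preserved
    suffix = dst_name[len(src_name):]
    if len(suffix) < 2 or not suffix.startswith("."):
        return None  # nothing appended, or not an extension
    return suffix


def count_added_extensions(renames):
    """Count appended suffixes and record the directories each was seen in."""
    counts = Counter()
    dirs = defaultdict(set)
    for src, dst in renames:
        suffix = added_extension(src, dst)
        if suffix is not None:
            key = suffix.lower()
            counts[key] += 1
            dirs[key].add(ntpath.dirname(src).lower())
    return counts, dirs


def flag_mass_rename(renames, min_files=3, min_dirs=2):
    """Return (suffix, file_count, dir_count) for every suffix applied to at
    least min_files files across at least min_dirs directories. The
    thresholds are illustrative; a production rule would use far higher
    values, as the 8319 renames in the report suggest."""
    counts, dirs = count_added_extensions(renames)
    return [(s, n, len(dirs[s])) for s, n in counts.most_common()
            if n >= min_files and len(dirs[s]) >= min_dirs]


if __name__ == "__main__":
    for suffix, files, directories in flag_mass_rename(SAMPLE_RENAMES):
        print(f"suffix {suffix}: {files} files in {directories} directories")
```

Requiring the original filename to survive unchanged is what separates this from ordinary renames: a download losing its .part suffix, a file moved to another folder, or an extension change all fall through. The directory count guards against a single backup job renaming many files in one place.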

MITRE ATT&CK Enterprise v15

Tasks