play | 4fec92e380ecbf39d8a178fc8f487dc9092833533a450e616da317639b3eb34c | Triage

Sharing

General

Target

23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.zip
Size

236KB
Sample

231116-2fjjpaah23
MD5

b97fd66e0e95486216223a8323e5f09c
SHA1

93ae14db7bc6c3674d8833e8f188c6d1bfca01d4
SHA256

4fec92e380ecbf39d8a178fc8f487dc9092833533a450e616da317639b3eb34c
SHA512

ddbac68eda826d8e843c6ee00b95bcd27a64a13ac4581d19cea042e6b41b881e253b0b53366f07af407198952278afb2441492b335b405b0795c0f696953dd88
SSDEEP

3072:CV1PLdf1Ufjzn5iGbl2yet03OawsBwoBg0nPSGl95+bFRQkcpfLZjC/1b1+Jgx6S:CAfMAlzet03MsCGl9gTQkcdZOj+JXS

Score

10^/10

play ransomware spyware stealer

Malware Config

Targets

- Target
  
  23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c
- Size
  
  458KB
- MD5
  
  0750794cd2b5823069bb9ff16ff6d2b7
- SHA1
  
  466874dbf01e0bd4e99cbd6b39ae69d1023b35f2
- SHA256
  
  23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c
- SHA512
  
  617b9bd914f9297ff2aa6d378de3746cf1701d6dd2e575934b987dceece16329c9a7ccbb52a19022977151918dfa2304777ecf9c3cef221c16453f5b869c2d25
- SSDEEP
  
  6144:7PMZuIF76gx04UVsSWvqZg8hKYjMZ8PaqzlvBaUamLzmZhLVPtkADlKHp+:7H7gx0JVsSNnkGLzHaPZhnkBp+
Score

10^/10

play ransomware spyware stealer
- PLAY Ransomware, PlayCrypt
  Ransomware family first seen in mid 2022.
  ransomware play
- Renames multiple (1518) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Renames multiple (8440) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

playransomwarespywarestealer

behavioral2