General
-
Target
xxx_exe_13013236406.zip
-
Size
240KB
-
Sample
231117-ghey3afh24
-
MD5
472a2efa534971347cc127445a714535
-
SHA1
4a7a7ae21d667414bf4efe3165838e0b8a7cd300
-
SHA256
20382d589462ca1865ad112db93060fdd1b067fcf35debb6db5da2c377596fdc
-
SHA512
a75073683893c9e3f864f2b1bc23ed03d17dc694390975987a4f9fb5706e21ddb000b7cecf774369b75d22e6b036d0a0b65f5db30109e703e32816e01127b27c
-
SSDEEP
6144:pVGIgDWVCW27UFqexOQKAk9JHOm5J0Nz8ChIiEioohV:3/KWVCWFFboHdJ5J0NZrHV
Static task
static1
Behavioral task
behavioral1
Sample
0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
Resource
win10v2004-20231020-en
Malware Config
Targets
-
-
Target
0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1
-
Size
458KB
-
MD5
a8e5d4ef39be51f96c1374d3b3249297
-
SHA1
080638196673615c51c16425a0e19ace849b917e
-
SHA256
0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1
-
SHA512
413b864d9e7ecdfff5d314081cecf294ef0fcb14d63ee38e773cdc6c38da4b60172bf97ebbd3c5e8596efba993105a4e286889a99ba996c0c15396dfc7d73591
-
SSDEEP
6144:Z/MZO4aLcwC0IEVvOCcxmwMSKM3mhM+rTV/yqUKmLzmZhbVPntlKmp+:ZXiwC0pVvOfx1uvrEXKPZhRHp+
Score
10/10
-
Renames multiple (7307) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Renames multiple (8429) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops desktop.ini file(s)
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-