General
Target: 762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.7z
Size: 196KB
Sample: 240528-qn2jpagc45
MD5: c98408216b11326367a7e27634910531
SHA1: de8be05ea9869f5ad9f43b3c40da0d1ff91a4fc9
SHA256: 19f287ad3d83ee5798284481bb30fbb4eb9dc0c1ceb5f66682a8a83ffda5e1c0
SHA512: 41f9467586118ce5fae015cf8f160146f088fb200ada908fae99b6a17b9bfd3be360f483e7b2cf7087d6ecc284d542f1fe8cc9ba2e12d8c75e458853ad0b8971
SSDEEP: 3072:ABSp/PaT6h0l6JhFZ3ry/iynAc/i9GkX7UNkzbOPz6aRKo0clLk:SlT6g+bZby/ikgDWPz6roBk
Static task: static1

Behavioral task: behavioral1
Sample: 762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
Resource: win7-20240508-en

Behavioral task: behavioral2
Sample: 762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
Resource: win10v2004-20240508-en
Malware Config
Targets
Target: 762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539
Size: 458KB
MD5: 8177fcfd49b44e0eff98320b0a713ff8
SHA1: 8a40c9b2c5b0902d9dc0f159def55eea94063b1e
SHA256: 762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539
SHA512: 5821cc4bae9b43772c8253cbd9feac353d4b44b5ad3e9d786c96d3e4ec2147a7787115300658f10a22cc46bbc3032e7ecaf38d84f5167040775135d314e4de5a
SSDEEP: 6144:f7M6Yn6fGlV0okVP3Z4FQmFKMUhhtpyr81fhKUqmLzmZuGVPVElK4p+:fsflV0pVP3aBcJyrs3qPZuocp+
Score: 10/10

Renames multiple (7924) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.

Drops desktop.ini file(s)

Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.