General
Target: 96b931f4f7038e3cbd9e438d3202f781d5eaffb299bbd137ba5f3112f46ff842.rar
Size: 224KB
Sample: 250211-y6htaszjb1
MD5: 3b026def74ee8f956a18506d122f1d06
SHA1: 32139617ed6b8b53424c6fa6068477d1f9c2ab1d
SHA256: 96b931f4f7038e3cbd9e438d3202f781d5eaffb299bbd137ba5f3112f46ff842
SHA512: 72fdc6b16dcc4830af56499bdd2688e8a2e55b63a6ad0e2de25c869001400913e7c3eb1fc37928a9ca2902d8ae5aca983f93a90eceaa9f2769ba71a619c2f833
SSDEEP: 6144:WHzf+FSzG0G4WHU2SIC5ys4flEDvo0dHRZKZAeQegD:6D+Fj0G4WH9Sb5vDlRZKFQBD
Static task: static1
Behavioral task: behavioral1
Sample: hi.exe
Resource: win7-20241010-en
Behavioral task: behavioral2
Sample: hi.exe
Resource: win10v2004-20250207-en
Malware Config
Targets
Target: hi.exe
Size: 481KB
MD5: 75367b27129a302e5ef5930a2c9699c0
SHA1: 73c3e68f1c25a4071e8bd035486d2445bbcb2aa7
SHA256: a782b9d82f21fb3aac32de6d24a8730eb39f1bd34bc590ca03fa6bb527c74fec
SHA512: 8d4195ff8174cbae829723452bd6f1f78c9b00a28a041d8e346d4c45dac1a0956467f68ce3083761d801d707a782b89d0832213ded2ddf432ba15ab2e0bcf78c
SSDEEP: 6144:anGGn1wd4WWkSFyzAAe8zCgJkihWjduuNacDK8TOIwn5PKNuxK9u1Ot6u:QGGJWWT8zxho7WiPw5P0uiC86u
Score: 10/10
- Play family
- Renames multiple (8493) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- Downloads MZ/PE file
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores: 1
Credentials from Web Browsers: 1
Unsecured Credentials: 1
Credentials In Files: 1