play | cdb54fee4c049cfd0bd09206414e1c8bd5ec5cbab7e7fff30b2c8ae90796439e | Triage

Sharing

General

Target

38775537030769180f53c8a9070de02086dcf762eea17d3f086d761a0c3f858a
Size

481KB
Sample

250401-tz5l9svk19
MD5

3039e3c5a73f506446882271569da699
SHA1

fe6c2d80fe6e20e23ffd5c36116b31b0c33ab926
SHA256

cdb54fee4c049cfd0bd09206414e1c8bd5ec5cbab7e7fff30b2c8ae90796439e
SHA512

7e95e5eefe9a3cf538eaa5adc4f454366d887ffcdb20ed5145731a77f0a12ccd07be67e7a90205230065c793d917c0c96e0abc68f22db2fc31467c53ede1a0a8
SSDEEP

6144:cn2GnFwd6CWwR802pdHMzqIxkFBtL12sFekDKUTP7ondtxvyaeZSNGilD6uH:O2G3CWlMz2BFnWqTodrvPeCRF6uH

Score

10^/10

play discovery ransomware spyware stealer

Malware Config

Targets

- Target
  
  38775537030769180f53c8a9070de02086dcf762eea17d3f086d761a0c3f858a
- Size
  
  481KB
- MD5
  
  3039e3c5a73f506446882271569da699
- SHA1
  
  fe6c2d80fe6e20e23ffd5c36116b31b0c33ab926
- SHA256
  
  cdb54fee4c049cfd0bd09206414e1c8bd5ec5cbab7e7fff30b2c8ae90796439e
- SHA512
  
  7e95e5eefe9a3cf538eaa5adc4f454366d887ffcdb20ed5145731a77f0a12ccd07be67e7a90205230065c793d917c0c96e0abc68f22db2fc31467c53ede1a0a8
- SSDEEP
  
  6144:cn2GnFwd6CWwR802pdHMzqIxkFBtL12sFekDKUTP7ondtxvyaeZSNGilD6uH:O2G3CWlMz2BFnWqTodrvPeCRF6uH
Score

10^/10

play discovery ransomware spyware stealer
- PLAY Ransomware, PlayCrypt
  Ransomware family first seen in mid 2022.
  ransomware play
- Play family
  play
- Renames multiple (7492) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

playdiscoveryransomwarespywarestealer