REPLAY: Revisiting Play Ransomware Anti-Analysis Techniques

This analysis revisits the anti-analysis techniques employed by recent variants of the Play ransomware, which is known for targeting industries such as healthcare and telecommunications across various regions. The report explains how the ransomware uses return-oriented programming (ROP), anti-disassembly tricks, junk code insertion, abuse of the Structured Exception Handling (SEH) mechanism, string obfuscation, and API hashing to hinder analysis and detection. Scripts developed by Netskope Threat Labs to help counter these techniques are also discussed. Author: AlienVault
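As an added illustration (this is not code from the Netskope report, nor Play's own routine), the following script shows what API hashing looks like from the defender's side: the malware stores a 32-bit hash instead of an import name, and the analyst recovers the name by hashing every candidate export and matching the constants seen in the binary. The ROR-13 hash, the export list and the "observed" constants are all constructed assumptions for the example; Play's actual hash algorithm and constants are not given on this page.

```python
"""
Added example: resolving API hashes back to export names.

Assumptions (not taken from the page or the Play samples):
  - the hash is the classic ROR-13 over the ASCII export name;
  - SAMPLE_EXPORTS is a small constructed stand-in for the real DLL export lists;
  - OBSERVED_HASHES stands in for immediates pulled from the disassembly.
"""
from typing import Dict, Iterable, List, Optional

MASK32 = 0xFFFFFFFF


def ror32(value: int, count: int) -> int:
    """Rotate a 32-bit value right by `count` bits."""
    count &= 31
    return ((value >> count) | (value << (32 - count))) & MASK32


def ror13_hash(name: str) -> int:
    """ROR-13 hash of an export name (assumed algorithm, not Play's)."""
    h = 0
    for b in name.encode("ascii"):
        h = (ror32(h, 13) + b) & MASK32
    return h


def build_hash_table(export_names: Iterable[str]) -> Dict[int, str]:
    """Precompute hash -> name for every candidate export.

    A collision between two different names means the constant is ambiguous
    and must be disambiguated by context; surface it instead of hiding it.
    """
    table: Dict[int, str] = {}
    for name in export_names:
        h = ror13_hash(name)
        if h in table and table[h] != name:
            raise ValueError(f"hash collision: {table[h]!r} vs {name!r} at {h:#010x}")
        table[h] = name
    return table


def resolve_hashes(hashes: Iterable[int], table: Dict[int, str]) -> List[Optional[str]]:
    """Map each observed constant to a name, or None if no export matches.

    None means either the DLL whose export it is was not hashed, or the
    assumed hash algorithm is wrong for this sample.
    """
    return [table.get(h) for h in hashes]


def annotate(hashes: Iterable[int], table: Dict[int, str]) -> List[str]:
    """Comment lines an analyst would attach to each hash constant."""
    lines = []
    for h, name in zip(hashes, resolve_hashes(hashes, table)):
        lines.append(f"{h:#010x} -> {name if name else '<unresolved>'}")
    return lines


# Constructed subset of kernel32/ntdll export names; a real table is built
# from every export of every DLL the sample can reach.
SAMPLE_EXPORTS = [
    "VirtualAlloc", "VirtualProtect", "CreateThread", "LoadLibraryA",
    "GetProcAddress", "NtProtectVirtualMemory", "RtlAddVectoredExceptionHandler",
]

# Constructed "observed" constants. Two are derived from the assumed hash so the
# example runs offline; the third is deliberately unknown to show the miss case.
OBSERVED_HASHES = [ror13_hash("VirtualProtect"), ror13_hash("CreateThread"), 0xDEADBEEF]

if __name__ == "__main__":
    for line in annotate(OBSERVED_HASHES, build_hash_table(SAMPLE_EXPORTS)):
        print(line)
```

When a constant resolves to None, widen the export list before doubting the algorithm; only if every hash of a known-good, large export set misses should the hashing routine itself be re-examined in the disassembly.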

Related Tags: anti-analysis, T1059.006 (Command and Scripting Interpreter: Python), Play, T1059.001 (Command and Scripting Interpreter: PowerShell), ransomware, PLAYCrypt, T1059 (Command and Scripting Interpreter), T1027 (Obfuscated Files or Information), T1497 (Virtualization/Sandbox Evasion)

Associated Indicators:
SHA-256: 7BC87A26137CC07CABF31E6E4BCD0E514846B5DD727A29132919F2E6B317CDE8
SHA-256: 3F943430B49481ACA6F57051ED0CED1A08038373F063AFDD2423D8D72B19B545
SHA-256: F741B66592C42E73AF7ADC46815CF6183765A2FB6A5F9F96CC75EAAF7DC15402
SHA-1: 99B6F4812A0E62099CB61D9BED5CAAD35182DFEB
MD5: 11FF7FAC569F28D31F11B2E738431B25