Community Feature - @cPeterr
In this blog post, Curated Intelligence member Chuong Dong shared his findings after reverse engineering the PLAY ransomware's code obfuscation and encryption features.
https://chuongdong.com/reverse%20engineering/2022/09/03/PLAYRansomware/
Chuong's analysis highlighted that PLAY uses a hybrid-cryptography scheme of RSA and AES to encrypt files. The ransomware executable is also highly obfuscated with various different anti-analysis tricks that are rarely seen in malware families that came before it.
Curated Intel Community Features are sourced using our Member Content channel on Discord. If you have recently produced a noteworthy piece of writing, a project, a podcast, an infographic or other CTI content let us know!