General

  • Target

    b38f9526ebc6b59c267b7567f01c22a75168015a48fb0260a35c76e669b652c0

  • Size

    18KB

  • Sample

    250529-h3xkaayye1

  • MD5

    24ab0cd24136a23b222d718b5a466932

  • SHA1

    257d4758de2fe7e81f571d6395b21251f4850a5d

  • SHA256

    b38f9526ebc6b59c267b7567f01c22a75168015a48fb0260a35c76e669b652c0

  • SHA512

    7fefe0a01f9a25ebd2f9d9d1a4449f3f5bca5e3f4860a5b31cbbe609a6f9f9b3567de2dd6a04958d42d40c50e9336f27c78c21023c2ee8bc2e389c07529abbe9

  • SSDEEP

    384:hAg+5OCZ4W6/KWLsqmFae+rOAqmFae+rOv1I:uZ4FLz8ae+rOn8ae+rOy

Targets

    • Cosmu

      Cosmu is a Windows worm written in C++.

    • Cosmu family

    • Detects Cosmu payload

      Cosmu is a worm written in C++.

    • Renames multiple (5289) files with added filename extension

      This suggests ransomware activity that encrypts all the files on the system.
