General

  • Target

    0acc9c67da8dabf4b9798a84d4e9386793aba0dce8facf74c37908608742cbfe

  • Size

    141KB

  • Sample

    250529-h6s19sel2v

  • MD5

    162d7d600f9ec6068df02b18ef2d486b

  • SHA1

    7ffb1e569dc164eb64bd9454dae81ff3cdeadcff

  • SHA256

    0acc9c67da8dabf4b9798a84d4e9386793aba0dce8facf74c37908608742cbfe

  • SHA512

    6f8c2cfdaf37424d51c1374ecc76b377988075f00f715100982d6bc8c419352a122f5c64e6c7b9e132848fb9f782f32647426854eee03692c4044a806f247a85

  • SSDEEP

    3072:spWp/CFmjIUjnBiFRlZQlVvr85iN/YG0FBZcM:NNCFeBSI385i32Zl

Targets

    • Target

      0acc9c67da8dabf4b9798a84d4e9386793aba0dce8facf74c37908608742cbfe

    • Cosmu

      Cosmu is a Windows worm written in C++.

    • Cosmu family

    • Detects Cosmu payload

      Cosmu is a worm written in C++.

    • Renames multiple (4847) files with added filename extension

      This suggests ransomware activity, namely encrypting all the files on the system.
