General

  • Target

    dafb5ac1c6fd1f3b6d2e83f52d4d3ee75cad504b80a972310900e5b2c2d5ed6d

  • Size

    46KB

  • Sample

    250529-j51kdsen8z

  • MD5

    0f796a8b3aab03ae73eee25ced8edd29

  • SHA1

    baab7d547d1d5dd8e2308e6cc0eda576787c242d

  • SHA256

    dafb5ac1c6fd1f3b6d2e83f52d4d3ee75cad504b80a972310900e5b2c2d5ed6d

  • SHA512

    4f990fbd20284ed8b3ecf27145e75b9ff599af04ae53839a88fa85755e5d6a6563fa2f9872bf46455378ea6ef192cbcd9fa62d8c554b920c5cbc6a3c881d0fab

  • SSDEEP

    768:s7BlpppARFbhdLz8ae+rOn8ae+rO2aNQP+UDQvqhs:s7ZppApdIIJQP+UDQvqhs

Malware Config

Targets

    • Cosmu

      Cosmu is a Windows worm written in C++.

    • Cosmu family

    • Detects Cosmu payload

      Cosmu is a worm written in C++.

    • Renames multiple (5221) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

MITRE ATT&CK Enterprise v16

Tasks