General
-
Target
be216b7e8c03ffe7e7aa5dda55265aace58eea0252dc3d1d1ed5478e881e405c
-
Size
70KB
-
Sample
250529-j56reaen81
-
MD5
f9c08479c0cb98b2317680874afe1831
-
SHA1
332e596c85cc1676e696cedbdceb4e07026b6cba
-
SHA256
be216b7e8c03ffe7e7aa5dda55265aace58eea0252dc3d1d1ed5478e881e405c
-
SHA512
cffe4bdfedcd0eccdf8e34a812cffa7efba0042201050c5872f3cdd7e530c02094aee4b5164d10e867ba7d1f8724aac183c4b91f32dd3fe30091574daa8c2515
-
SSDEEP
768:uZ4FLz8ae+rOn8ae+rO2aNQP+UDQvbZ4FLz8ae+rOn8ae+rO2aNQP+UDQvoGU:uGIIJQP+UDQvbGIIJQP+UDQvoGU
Static task
static1
Behavioral task
behavioral1
Sample
be216b7e8c03ffe7e7aa5dda55265aace58eea0252dc3d1d1ed5478e881e405c.exe
Resource
win10v2004-20250502-en
Malware Config
Targets
Target
be216b7e8c03ffe7e7aa5dda55265aace58eea0252dc3d1d1ed5478e881e405c
-
Score
10/10
-
Cosmu family
-
Detects Cosmu payload
Cosmu is a worm written in C++.
-
Renames multiple (5224) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Executes dropped EXE
-
Drops file in System32 directory
-