General

  • Target

    97762e835be468433809e5897c0bdea94c0fe342ed253ad14786fa1fbd185483

  • Size

    36KB

  • Sample

    250529-j6aelaen9s

  • MD5

    15a0ef9f153d59ff410cfac0d34f1c1f

  • SHA1

    04ac959d991eeed8ff9e21d8f6ac9eaa3a532c4a

  • SHA256

    97762e835be468433809e5897c0bdea94c0fe342ed253ad14786fa1fbd185483

  • SHA512

    a1978538e5d24fc98f4e4f7ecc274d5469adf5b6cd05c0b7212865880535f5950d56345d48b9098fa9c1a64348b82e41936b32cf54ad6633a60728d572cb2d91

  • SSDEEP

    384:hAg+5OCZ4W6/KWLsqmFae+rOAqmFae+rOfijcijK2J7u82J7uFBlBb:uZ4FLz8ae+rOn8ae+rOfXqJ7gJ7ITh

Targets

    • Target

      97762e835be468433809e5897c0bdea94c0fe342ed253ad14786fa1fbd185483

    • Cosmu

      Cosmu is a Windows worm written in C++.

    • Cosmu family

    • Detects Cosmu payload

      Cosmu is a worm written in C++.

    • Renames multiple (5242) files with added filename extension

      This suggests ransomware activity that encrypts all the files on the system.