General

  • Target

    a8837edfc97a1236f4aceb542c305ef678115d57e60d5e5916d0d6370adb281a

  • Size

    19KB

  • Sample

    250529-j6c6gszk12

  • MD5

    f2f47d6947ef9f29daa6d6ae1ccd6b65

  • SHA1

    14df8482e29a3341390a73e1eb962d57b571b5c7

  • SHA256

    a8837edfc97a1236f4aceb542c305ef678115d57e60d5e5916d0d6370adb281a

  • SHA512

    f52b7b71ed2e285332e859f00bd66b11f97d6339a735c3e1c142d2a710ec99e854065673aae2a8deb3f9bd8a9b7338635bf55fb770a6bc5c7374e3418a1ae557

  • SSDEEP

    384:hAg+5OCZ4W6/KWLsqmFae+rOAqmFae+rOb8WFq:uZ4FLz8ae+rOn8ae+rOb8WFq

Targets

    • Target

      a8837edfc97a1236f4aceb542c305ef678115d57e60d5e5916d0d6370adb281a

    • Cosmu

      Cosmu is a Windows worm written in C++.

    • Cosmu family

    • Detects Cosmu payload

      Cosmu is a worm written in C++.

    • Renames multiple (5295) files with added filename extension

      This suggests ransomware activity that encrypts all the files on the system.
