General

Target: c50493e8253a049f4f60ac192086e93ff3211efe1dbd161bcb998dbad6845501
Size: 65KB
Sample: 250529-j6gtnsen9w
MD5: 09f09ffcb037655bd08162a4d2c9b075
SHA1: dcb4bf0a6f74578eca04fe721822fe0aad419764
SHA256: c50493e8253a049f4f60ac192086e93ff3211efe1dbd161bcb998dbad6845501
SHA512: 81a74ffce80ce0fb3260d803b10acce80b346f74c4df1c55be4a297cd75cbd65f42a24a17511254b0b3f5c59c849feb0d79ff19d74928bb9cb7a1ba0005b6ac0
SSDEEP: 768:uZ4FLz8ae+rOn8ae+rOrZkZ/7M4WZ4FLz8ae+rOn8ae+rOrZkZ/7M4UpW:uGII1GQ4WGII1GQ4h
Static task: static1
Behavioral task: behavioral1
Sample: c50493e8253a049f4f60ac192086e93ff3211efe1dbd161bcb998dbad6845501.exe
Resource: win10v2004-20250502-en
Malware Config
Targets
Score: 10/10

Cosmu family

Detects Cosmu payload
Cosmu is a worm written in C++.

Renames multiple (5243) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.

Executes dropped EXE

Drops file in System32 directory