General

  • Target

    c50493e8253a049f4f60ac192086e93ff3211efe1dbd161bcb998dbad6845501

  • Size

    65KB

  • Sample

    250529-j6gtnsen9w

  • MD5

    09f09ffcb037655bd08162a4d2c9b075

  • SHA1

    dcb4bf0a6f74578eca04fe721822fe0aad419764

  • SHA256

    c50493e8253a049f4f60ac192086e93ff3211efe1dbd161bcb998dbad6845501

  • SHA512

    81a74ffce80ce0fb3260d803b10acce80b346f74c4df1c55be4a297cd75cbd65f42a24a17511254b0b3f5c59c849feb0d79ff19d74928bb9cb7a1ba0005b6ac0

  • SSDEEP

    768:uZ4FLz8ae+rOn8ae+rOrZkZ/7M4WZ4FLz8ae+rOn8ae+rOrZkZ/7M4UpW:uGII1GQ4WGII1GQ4h

Targets

    • Cosmu

      Cosmu is a Windows worm written in C++.

    • Cosmu family

    • Detects Cosmu payload

      Cosmu is a worm written in C++.

    • Renames multiple (5243) files with added filename extension

      This suggests ransomware activity, namely encrypting all the files on the system.

    • Executes dropped EXE

    • Drops file in System32 directory
