General
Target: 56b67954dba6c3dbc21589452bd196eb914a7828c718746dc68e8b4df5b27d42
Size: 43KB
Sample: 250529-j6saeazk13
MD5: e8363ce72624381a23b46028bac3e6ad
SHA1: 6ef22a3b82ee5a813a8910912644fdcaefcdfc6b
SHA256: 56b67954dba6c3dbc21589452bd196eb914a7828c718746dc68e8b4df5b27d42
SHA512: 767dee61549ce7b638d161dee194b1e69c6702c72d0d986508357903e6272269ff87db664b32fadd0faef6a5f9156d7502902d50e5c0dc0727670d90e7882881
SSDEEP: 768:uZ4FLz8ae+rOn8ae+rO2aNQP+UDQvJCKYCKb:uGIIJQP+UDQvJeF
Static task: static1
Behavioral task: behavioral1
Sample: 56b67954dba6c3dbc21589452bd196eb914a7828c718746dc68e8b4df5b27d42.exe
Resource: win10v2004-20250502-en
Behavioral task: behavioral2
Sample: 56b67954dba6c3dbc21589452bd196eb914a7828c718746dc68e8b4df5b27d42.exe
Resource: win11-20250502-en
Malware Config
Targets
Score: 10/10

Cosmu family
Detects Cosmu payload
Cosmu is a worm written in C++.

Renames multiple (5213) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.