General

  • Target

    56b67954dba6c3dbc21589452bd196eb914a7828c718746dc68e8b4df5b27d42

  • Size

    43KB

  • Sample

    250529-j6saeazk13

  • MD5

    e8363ce72624381a23b46028bac3e6ad

  • SHA1

    6ef22a3b82ee5a813a8910912644fdcaefcdfc6b

  • SHA256

    56b67954dba6c3dbc21589452bd196eb914a7828c718746dc68e8b4df5b27d42

  • SHA512

    767dee61549ce7b638d161dee194b1e69c6702c72d0d986508357903e6272269ff87db664b32fadd0faef6a5f9156d7502902d50e5c0dc0727670d90e7882881

  • SSDEEP

    768:uZ4FLz8ae+rOn8ae+rO2aNQP+UDQvJCKYCKb:uGIIJQP+UDQvJeF

Malware Config

Targets

    • Cosmu

      Cosmu is a Windows worm written in C++.

    • Cosmu family

    • Detects Cosmu payload

      Cosmu is a worm written in C++.

    • Renames multiple (5213) files with added filename extension

      This suggests ransomware activity that encrypts all the files on the system.

MITRE ATT&CK Enterprise v16

Tasks