General

  • Target

    a14b5e41cc06a476ac6369c300d9c96ab483a761cdf9b309cff5f996abcf60cd

  • Size

    79KB

  • Sample

    250529-j71m6szk19

  • MD5

    df00b78204fe0a4e67c46f023ae071df

  • SHA1

    b636f5ae6371177498de79c8266f6156dc868a4e

  • SHA256

    a14b5e41cc06a476ac6369c300d9c96ab483a761cdf9b309cff5f996abcf60cd

  • SHA512

    0440c1835b09d511c73ba436fa433b43547e724492b700edcc2b5862ec7494c3d16843eea38d6c6829f2347c93de68ffa2729cdc2f864312d5bf9fc57226b3e8

  • SSDEEP

    768:s7BlpppARFbhdLz8ae+rOn8ae+rO2aNQP+UDQvGZ4FLz8ae+rOn8ae+rO2aNQP+l:s7ZppApdIIJQP+UDQvGGIIJQP+UDQvp

Targets

    • Cosmu

      Cosmu is a Windows worm written in C++.

    • Cosmu family

    • Detects Cosmu payload

      Cosmu is a worm written in C++.

    • Renames multiple (5056) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.
