General

  • Target

    9103c5d45205a5b523a5ac672f47b0aac8dc052fc273f0367c259d9fb973e467

  • Size

    52KB

  • Sample

    250529-j7klyszk18

  • MD5

    9c317065b3a995895b26c4bafea84e4a

  • SHA1

    36c4205ce8120e79c672dbef34038d7c087ff5db

  • SHA256

    9103c5d45205a5b523a5ac672f47b0aac8dc052fc273f0367c259d9fb973e467

  • SHA512

    fec5f8c3e780de03194f3e17c157a4ec435ec33e292395e55a70d6cd4c63176aa8464114db9f6d006a32e77a9c551c24884739b031460dd69a515fa1d9f7fb7a

  • SSDEEP

    768:s7BlpppARFbhdLz8ae+rOn8ae+rO+4aZ4FLz8ae+rOn8ae+rO+45FLRFRq:s7ZppApdII+4aGII+4z8

Targets

    • Cosmu

      Cosmu is a Windows worm written in C++.

    • Cosmu family

    • Detects Cosmu payload

      Cosmu is a worm written in C++.

    • Renames multiple (5197) files with added filename extension

      This suggests ransomware activity, i.e. encryption of all the files on the system.
