General

  • Target

    8d80647e2410b14956267e990c6a8f1546738bd63ef99ec819d9d03b95656af1

  • Size

    69KB

  • Sample

    250529-j7tjvsep2v

  • MD5

    5ed1ec9827dbd9524e2d0ef0bae0133d

  • SHA1

    2f97924b1c0224b9441abd52a028bc36a1ed9dd5

  • SHA256

    8d80647e2410b14956267e990c6a8f1546738bd63ef99ec819d9d03b95656af1

  • SHA512

    35560cde32c9f46055ff25b65340eb617eb8346fa640817ed9dd806219331906f8cea781462a5f3b60de049a5dcef798c86f843f4243f9ab3e897428701dbb41

  • SSDEEP

    768:s7BlpppARFbhdLz8ae+rOn8ae+rOrZkZ/7M4VZ4FLz8ae+rOn8ae+rOrZkZ/7M4T:s7ZppApdII1GQ4VGII1GQ4T

Targets

    • Target

      8d80647e2410b14956267e990c6a8f1546738bd63ef99ec819d9d03b95656af1

    • Cosmu

      Cosmu is a Windows worm written in C++.

    • Cosmu family

    • Detects Cosmu payload

      Cosmu is a worm written in C++.

    • Renames multiple (5180) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.
