General

  • Target

    6593c1d70c4c8a9f48f4b34d222b9dbe9056726d14a878c00f002ffbd2acb3a9

  • Size

    49KB

  • Sample

    250529-j7tjvsep2w

  • MD5

    4207b3f5a39e7d00f1a0d778f840c04e

  • SHA1

    184bbf335acfc4b41e98b9a804713f02193e2ff4

  • SHA256

    6593c1d70c4c8a9f48f4b34d222b9dbe9056726d14a878c00f002ffbd2acb3a9

  • SHA512

    482681c4c76b0e198a8c103da8a6e366cbd4be856fe04e057e4ca91ff0642af51460c510fcadaa6b66849edb5b46cda8d203cc7568fbeba8288d605fc8754eaa

  • SSDEEP

    768:s7BlpppARFbhdLz8ae+rOn8ae+rOHPRPq+BSBmBCUK9+BSBmBCUK8Z4FLz8ae+rb:s7ZppApdIIHp1MkPMkfGIIHp1MkPMk5

Targets

    • Cosmu

      Cosmu is a Windows worm written in C++.

    • Cosmu family

    • Detects Cosmu payload

      Cosmu is a worm written in C++.

    • Renames multiple (5200) files with added filename extension

      This suggests ransomware activity that encrypts all the files on the system.
