General

  • Target

    437fdbc663c220aa06c5898fa7fb008b2d2e066ee172f45f07c6fac64f0907a1

  • Size

    642KB

  • Sample

    250529-j8szqazls8

  • MD5

    227362b7a24aff60aa9ea404afb9142d

  • SHA1

    6492abb6a1ac320f6c0e5283a7d0bebd59c87b33

  • SHA256

    437fdbc663c220aa06c5898fa7fb008b2d2e066ee172f45f07c6fac64f0907a1

  • SHA512

    1e6129be78532ee5164d7b09381482733b0f751b583e9ea635c760905ad17cb45b08dc068bab1588dabad63c49c5aaac9805927b2da0aae40ea262a4c807de72

  • SSDEEP

    6144:N7hnn4LkHOMgVpPDe9C+fv5TBLwZzl7uQ:znn4NV1DMC+fPLwZ4Q

Targets

    • Cosmu

      Cosmu is a Windows worm written in C++.

    • Cosmu family

    • Detects Cosmu payload

      Cosmu is a worm written in C++.

    • Renames multiple (3233) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.
