General

  • Target

    6de3682eeeefa659273d6c8d4944c8a686947e2d68e4e453af4aac6525acd6b8

  • Size

    22KB

  • Sample

    250529-j9nfmazlt6

  • MD5

    0d784a1fec5fc175fa62d78707a0ddbc

  • SHA1

    9c4c42906f5ec4e7fac4c7073d7a15dc5b88cbf7

  • SHA256

    6de3682eeeefa659273d6c8d4944c8a686947e2d68e4e453af4aac6525acd6b8

  • SHA512

    1dac7afd0008e1a949cb799bd99d59701d142981f41c0442d7cf379406e48e8a592486386386f1c4b857d28fd6ed4293e7c9afd6a8180daee9e41e9f9b706a57

  • SSDEEP

    384:hAg+5OCZ4W6/KWLsqmFae+rOAqmFae+rO3ILAqAJOzAqAJOV:uZ4FLz8ae+rOn8ae+rO3IMqAJ/qAJA

Targets

    • Cosmu

      Cosmu is a Windows worm written in C++.

    • Cosmu family

    • Detects Cosmu payload

      Cosmu is a worm written in C++.

    • Renames multiple (5287) files with added filename extension

      This suggests ransomware activity that encrypts all the files on the system.
