General

  • Target

    825d6f8ef56b92d61aaa631111066410870bab73ecc54c2db8958d5fd7e64a73

  • Size

    51KB

  • Sample

    250529-jbmfnsel8t

  • MD5

    47f70202906aea5acb3abea8ee5a505c

  • SHA1

    b1b4f88a5f704dc571e67c565cafa264a1b5642b

  • SHA256

    825d6f8ef56b92d61aaa631111066410870bab73ecc54c2db8958d5fd7e64a73

  • SHA512

    1093daf2f9cefffd2bee0893d06524595ddb8cd9eca648efea15f974c3cdc44dae601082217a5c8c988501eb3a08d1058e327a2bdcc089f246af9cf12d6b5812

  • SSDEEP

    768:s7BlpppARFbhdLz8ae+rOn8ae+rOoJhiJh7HJ0muigiyAb6YgHPc67PA4OM1fr:s7ZppApdIIoJhiJh/uiwAkkSOkfr

Targets

    • Cosmu

      Cosmu is a Windows worm written in C++.

    • Cosmu family

    • Detects Cosmu payload

      Cosmu is a worm written in C++.

    • Renames multiple (5201) files with added filename extension

      This suggests ransomware activity, namely encrypting all the files on the system.
