General
-
Target
bb2a3f72f1488e568535c828df115c8e21ca130975c77da02c9d705f57fafc89
-
Size
45KB
-
Sample
250529-kda14aeq2s
-
MD5
0165e05604670f3cf292d3b8d2642758
-
SHA1
ae251e7b7da0bd7392576402bb732dbe4d6c61a9
-
SHA256
bb2a3f72f1488e568535c828df115c8e21ca130975c77da02c9d705f57fafc89
-
SHA512
0dfdcac2d643b39e8b2319d18baa345f6984094fd0c8d357af4ddefff836717f42934863e05edc47d36938788e9be384c02b2fc970d4fd4487c7aacd96296d23
-
SSDEEP
768:s7BlpppARFbhdLz8ae+rOn8ae+rOoJhiJhNx2lwI0d2zuNFWts0SoBj5tkXED2uv:s7ZppApdIIoJhiJhN8lwI0deEvoBjvnH
Behavioral task
behavioral1
Sample
bb2a3f72f1488e568535c828df115c8e21ca130975c77da02c9d705f57fafc89.exe
Resource
win10v2004-20250502-en
Malware Config
Targets
-
-
Target
bb2a3f72f1488e568535c828df115c8e21ca130975c77da02c9d705f57fafc89
-
Score
10/10
-
Cosmu family
-
Detects Cosmu payload
Cosmu is a worm written in C++.
-
Renames multiple (5194) files with added filename extension
This suggests ransomware activity that encrypts all the files on the system.
-