General

  • Target

    cf04349eee150480db31b4e281e037ac17d39bec83f31f76f0fce632eb415490

  • Size

    34KB

  • Sample

    250529-lzqjcazyax

  • MD5

    068643dcb1bc79ed0bff4a99c9e2d577

  • SHA1

    f11885a30e9b2c5e596b0b10504d2bc966107400

  • SHA256

    cf04349eee150480db31b4e281e037ac17d39bec83f31f76f0fce632eb415490

  • SHA512

    0c1eb75d07447716fb2e69de2faada3964e9841439bfe35c78834ec38cdaa1ed82b0186b42fd86205bb945a1aba8bffb5de752136809472ac3117d22b766cf59

  • SSDEEP

    384:hAg+5OCZ4W6/KWLsqmFae+rOAqmFae+rOYE/AE/DZKNZKy7MwlwHnFn5A:uZ4FLz8ae+rOn8ae+rOrZkZ/7M4anFnK

Targets

    • Cosmu

      Cosmu is a Windows worm written in C++.

    • Cosmu family

    • Detects Cosmu payload

      Cosmu is a worm written in C++.

    • Renames multiple (5037) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.
