General
-
Target
cf04349eee150480db31b4e281e037ac17d39bec83f31f76f0fce632eb415490
-
Size
34KB
-
Sample
250529-lzqjcazyax
-
MD5
068643dcb1bc79ed0bff4a99c9e2d577
-
SHA1
f11885a30e9b2c5e596b0b10504d2bc966107400
-
SHA256
cf04349eee150480db31b4e281e037ac17d39bec83f31f76f0fce632eb415490
-
SHA512
0c1eb75d07447716fb2e69de2faada3964e9841439bfe35c78834ec38cdaa1ed82b0186b42fd86205bb945a1aba8bffb5de752136809472ac3117d22b766cf59
-
SSDEEP
384:hAg+5OCZ4W6/KWLsqmFae+rOAqmFae+rOYE/AE/DZKNZKy7MwlwHnFn5A:uZ4FLz8ae+rOn8ae+rOrZkZ/7M4anFnK
Static task
static1
Behavioral task
behavioral1
Sample
cf04349eee150480db31b4e281e037ac17d39bec83f31f76f0fce632eb415490.exe
Resource
win10v2004-20250502-en
Behavioral task
behavioral2
Sample
cf04349eee150480db31b4e281e037ac17d39bec83f31f76f0fce632eb415490.exe
Resource
win11-20250502-en
Malware Config
Targets
-
-
Target
cf04349eee150480db31b4e281e037ac17d39bec83f31f76f0fce632eb415490
-
Score
10/10
-
Cosmu family
-
Detects Cosmu payload
Cosmu is a worm written in C++.
-
Renames multiple (5037) files with added filename extension
This suggests ransomware activity, i.e. encryption of all the files on the system.
-