General

  • Target

    91baa42316a36c5b7a4fc6268735276d33f3460cf9b5f7eb2676f8134e601748

  • Size

    153KB

  • Sample

    250529-lzqt4szqz9

  • MD5

    40a28fafbc234792a3780bd0d95a1f38

  • SHA1

    9af4e1c4aa0b2ad690f1b087f9f47a329c75f867

  • SHA256

    91baa42316a36c5b7a4fc6268735276d33f3460cf9b5f7eb2676f8134e601748

  • SHA512

    64627972632e223130aea08632ca6a3695505f6f5458d93514b371540668b7bc19fa9cc49a86c68569f5f0d00e16beaacbf9e1c9ee6ca1624c306925ec68fc63

  • SSDEEP

    1536:uGII1GQ4cymvG4PDo2DhA3lr1fBY4iKos40wm0PW1IrqJfMtQlD8x89u7FY:znzhQNv40j0PW1IrEfMtyhuC

Malware Config

Targets

    • Cosmu

      Cosmu is a Windows worm written in C++.

    • Cosmu family

    • Detects Cosmu payload

      Cosmu is a worm written in C++.

    • Renames multiple (5280) files with added filename extension

      This suggests ransomware activity: encrypting all of the files on the system.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v16

Tasks