General
-
Target
91baa42316a36c5b7a4fc6268735276d33f3460cf9b5f7eb2676f8134e601748
-
Size
153KB
-
Sample
250529-lzqt4szqz9
-
MD5
40a28fafbc234792a3780bd0d95a1f38
-
SHA1
9af4e1c4aa0b2ad690f1b087f9f47a329c75f867
-
SHA256
91baa42316a36c5b7a4fc6268735276d33f3460cf9b5f7eb2676f8134e601748
-
SHA512
64627972632e223130aea08632ca6a3695505f6f5458d93514b371540668b7bc19fa9cc49a86c68569f5f0d00e16beaacbf9e1c9ee6ca1624c306925ec68fc63
-
SSDEEP
1536:uGII1GQ4cymvG4PDo2DhA3lr1fBY4iKos40wm0PW1IrqJfMtQlD8x89u7FY:znzhQNv40j0PW1IrEfMtyhuC
Static task
static1
Behavioral task
behavioral1
Sample
91baa42316a36c5b7a4fc6268735276d33f3460cf9b5f7eb2676f8134e601748.exe
Resource
win10v2004-20250502-en
Malware Config
Targets
-
-
Target
91baa42316a36c5b7a4fc6268735276d33f3460cf9b5f7eb2676f8134e601748
-
Size
153KB
-
MD5
40a28fafbc234792a3780bd0d95a1f38
-
SHA1
9af4e1c4aa0b2ad690f1b087f9f47a329c75f867
-
SHA256
91baa42316a36c5b7a4fc6268735276d33f3460cf9b5f7eb2676f8134e601748
-
SHA512
64627972632e223130aea08632ca6a3695505f6f5458d93514b371540668b7bc19fa9cc49a86c68569f5f0d00e16beaacbf9e1c9ee6ca1624c306925ec68fc63
-
SSDEEP
1536:uGII1GQ4cymvG4PDo2DhA3lr1fBY4iKos40wm0PW1IrqJfMtQlD8x89u7FY:znzhQNv40j0PW1IrEfMtyhuC
-
Cosmu family
-
Detects Cosmu payload
Cosmu is a worm written in C++.
-
Renames multiple (5280) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Executes dropped EXE
-
Drops file in System32 directory
-