General

  • Target

    763475916480ade53ccfe071e718904d16ad5880fcdc12db415bc04a2e933fd5

  • Size

    80KB

  • Sample

    250529-lzrreazyay

  • MD5

    624c5c8c99e2ba380adeb8a27215a05c

  • SHA1

    4a29d2a5626d2ebde027ed3d485ccd6b637b41fe

  • SHA256

    763475916480ade53ccfe071e718904d16ad5880fcdc12db415bc04a2e933fd5

  • SHA512

    ca71c56f657acd31ad9807be70cbd3931d700fa5db564daff13eb351bf90406cece3f15206eab88401b5daeb72be52b00fb1c4822a79b4f3122402914a56660c

  • SSDEEP

    1536:s7ZppApdII1GeFGFBYythAYythBGII1GeFGFBYythAYythM:spWpshUhFhUhM

Targets

    • Target

      763475916480ade53ccfe071e718904d16ad5880fcdc12db415bc04a2e933fd5

    • Cosmu

      Cosmu is a Windows worm written in C++.

    • Cosmu family

    • Detects Cosmu payload

      Cosmu is a worm written in C++.

    • Renames multiple (5036) files with added filename extension

      This suggests ransomware activity that encrypts all the files on the system.
