General

  • Target

    0a12f5cdce954dc4eaca8b1454ee36a1b228a8e6b933d0f8f0784cbe3829e53d

  • Size

    69KB

  • Sample

    250529-lzscyazq14

  • MD5

    1395b4a04e2b021326eb9fa5113cc35c

  • SHA1

    8d6f12857aba601dd5eb947899fe5faf6383a27c

  • SHA256

    0a12f5cdce954dc4eaca8b1454ee36a1b228a8e6b933d0f8f0784cbe3829e53d

  • SHA512

    c373a060250ab52ad64cd9cc0791cd7332ea9937c0a741e47e22cab16d09e7bb81211ada5bd6d1bf702809fb39a55c4fddd92179f9df9cb4388319fcb35a9ddf

  • SSDEEP

    768:s7BlpppARFbhdLz8ae+rOn8ae+rOoJhiJhYL:s7ZppApdIIoJhiJhYL

Targets

    • Cosmu

      Cosmu is a Windows worm written in C++.

    • Cosmu family

    • Detects Cosmu payload

      Cosmu is a worm written in C++.

    • Renames multiple (5128) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.
