General

  • Target

    5515a1eaf193a4cd99195140508dbe4858cbf424e502556d9e5b864d1f6cd1c6

  • Size

    36KB

  • Sample

    250529-n53f7scn7x

  • MD5

    9857554d149c7ad3173a26eba707444d

  • SHA1

    cf9c804ec46c37e7ba4daa6522e23831282f1afb

  • SHA256

    5515a1eaf193a4cd99195140508dbe4858cbf424e502556d9e5b864d1f6cd1c6

  • SHA512

    eef2675d5f592573f5a106bc4104c2835a4c6565a4b7fae1ffd5b6cf007ddd21f810af5cd1e90aa15d7cbf3920324222a3b62bfd171aefbdd249081de9c1fc63

  • SSDEEP

    384:hAg+5OCZ4W6/KWLsqmFae+rOAqmFae+rOr9NNV5H/V36aNQP+OKGDw9ce9cXLk:uZ4FLz8ae+rOn8ae+rO2aNQP+UDQvWLk

Targets

    • Cosmu

      Cosmu is a Windows worm written in C++.

    • Cosmu family

    • Detects Cosmu payload

      Cosmu is a worm written in C++.

    • Renames multiple (5209) files with added filename extension

      This suggests ransomware activity, namely encrypting all the files on the system.
