General

  • Target

    4f4072a1740db75ef577ff4be3de805fbd9db59b41e864292891c2572390f09d

  • Size

    32KB

  • Sample

    250529-n5xkys1vh1

  • MD5

    4c3d05ddda488357d8964a1f69a97461

  • SHA1

    e34b2dc51980b408da848e1c75721c0e9995f011

  • SHA256

    4f4072a1740db75ef577ff4be3de805fbd9db59b41e864292891c2572390f09d

  • SHA512

    478b627ca6f1d108e378b2ba3fa546e55a144df40d2385038e844fa2714c216a747b6542863a902d0991e39a263421aa5553d6f8e39b8717a7abbaad44fdb80b

  • SSDEEP

    768:s7BlpppARFbhdLz8ae+rOn8ae+rO+4500n1kJ00n1kw:s7ZppApdII+491015

Targets

    • Cosmu

      Cosmu is a Windows worm written in C++.

    • Cosmu family

    • Detects Cosmu payload

      Cosmu is a worm written in C++.

    • Renames multiple (5251) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.
