General
-
Target
4f4072a1740db75ef577ff4be3de805fbd9db59b41e864292891c2572390f09d
-
Size
32KB
-
Sample
250529-n5xkys1vh1
-
MD5
4c3d05ddda488357d8964a1f69a97461
-
SHA1
e34b2dc51980b408da848e1c75721c0e9995f011
-
SHA256
4f4072a1740db75ef577ff4be3de805fbd9db59b41e864292891c2572390f09d
-
SHA512
478b627ca6f1d108e378b2ba3fa546e55a144df40d2385038e844fa2714c216a747b6542863a902d0991e39a263421aa5553d6f8e39b8717a7abbaad44fdb80b
-
SSDEEP
768:s7BlpppARFbhdLz8ae+rOn8ae+rO+4500n1kJ00n1kw:s7ZppApdII+491015
Behavioral task
behavioral1
Sample
4f4072a1740db75ef577ff4be3de805fbd9db59b41e864292891c2572390f09d.exe
Resource
win10v2004-20250502-en
Behavioral task
behavioral2
Sample
4f4072a1740db75ef577ff4be3de805fbd9db59b41e864292891c2572390f09d.exe
Resource
win11-20250502-en
Malware Config
Targets
-
-
Target
4f4072a1740db75ef577ff4be3de805fbd9db59b41e864292891c2572390f09d
-
Score
10/10
-
Cosmu family
-
Detects Cosmu payload
Cosmu is a worm written in C++.
-
Renames multiple (5251) files with added filename extension
This suggests ransomware activity, namely encrypting all the files on the system.
-