General

  • Target

    85f4289206333ea6963bcdb3a26c92861e560e8ec2574fc66ad098296a15d318

  • Size

    69KB

  • Sample

    250529-n5zejscn7v

  • MD5

    a939963329792be46f92ef793b9b6c2d

  • SHA1

    927ba4b7cea32afca21862bf6837489c1cb5daea

  • SHA256

    85f4289206333ea6963bcdb3a26c92861e560e8ec2574fc66ad098296a15d318

  • SHA512

    7afc8e8d17cbb21d61f3643750269c1e74c3cb78051b6d0003309bec326b7e970d022f48a91c0b9053feb1178da59463475a10c1d3716b55f667de3b4b761410

  • SSDEEP

    768:s7BlpppARFbhdLz8ae+rOn8ae+rOoJhiJhYx:s7ZppApdIIoJhiJhYx

Targets

    • Cosmu

      Cosmu is a Windows worm written in C++.

    • Cosmu family

    • Detects Cosmu payload

      Cosmu is a worm written in C++.

    • Renames multiple (5060) files with added filename extension

      This suggests ransomware activity, i.e. encryption of all the files on the system.
