General

  • Target

    10c83cec5bdb559132abe78821f2aa1a73c4e945af24c524f06bff7b71345fca

  • Size

    27KB

  • Sample

    250529-n69a5s1wax

  • MD5

    7f5c1658cc1123a499a8d05e208b88ad

  • SHA1

    eaae803f6c60f9bcf6f68c79d007ff35f96d917e

  • SHA256

    10c83cec5bdb559132abe78821f2aa1a73c4e945af24c524f06bff7b71345fca

  • SHA512

    3d280897eb42d776f3d4606297260f5517866808e4b2e630828b48d7c2395a69ca82e68194027681ce35860b153ce119166771e68c32a3f75c01ab726214c6b5

  • SSDEEP

    384:gBt7Br5xjL9AgA71FbhvP/KWLsqmFae+rOAqmFae+rOYE/AE/m4zftf6:s7BlpppARFbhdLz8ae+rOn8ae+rO+4I

Targets

    • Cosmu

      Cosmu is a Windows worm written in C++.

    • Cosmu family

    • Detects Cosmu payload

      Cosmu is a worm written in C++.

    • Renames multiple (5254) files with added filename extension

      This suggests ransomware activity, i.e. encrypting all the files on the system.
