General

  • Target

    6eab9e511112eca0040d88d594f23a1590328184f296ebdd20173d0460a329c0

  • Size

    69KB

  • Sample

    250529-n6zrps1p15

  • MD5

    a429282c372d93ffc2f233c58f32d123

  • SHA1

    2b18fe830bbe9a25049b559ffb0e091a232fe67c

  • SHA256

    6eab9e511112eca0040d88d594f23a1590328184f296ebdd20173d0460a329c0

  • SHA512

    6bc32caca765d59c183fb69dad09a8f6171f4eb73cf13cca17163742c2a64493f0f29161f61b3adc69ef070c50124c580f71c14e05983df70c2e20ddcc7f132e

  • SSDEEP

    768:s7BlpppARFbhdLz8ae+rOn8ae+rOoJhiJhYnw:s7ZppApdIIoJhiJhYw

Targets

    • Cosmu

      Cosmu is a Windows worm written in C++.

    • Cosmu family

    • Detects Cosmu payload

      Cosmu is a worm written in C++.

    • Renames multiple (5122) files with added filename extension

      This suggests ransomware activity that encrypts all the files on the system.