General

  • Target

    78bf26cf8e0919e011a8a52ece4fdd8d68d7d99930a7d14f94d3debd9bf6d0a3

  • Size

    69KB

  • Sample

    250529-n7ah7s1way

  • MD5

    758e87f4f25429c8f6a9e1d9a4c0ddc9

  • SHA1

    846f3cfa5282457b8447998d205c4f8c2b744e9d

  • SHA256

    78bf26cf8e0919e011a8a52ece4fdd8d68d7d99930a7d14f94d3debd9bf6d0a3

  • SHA512

    f76f94bea0c949436cfe94117df46f27befde2b8aa9edbe73991b693d284fe70959a9f0156df47e8ffa5850145049add30b997306dc0950a872effd5588cc19b

  • SSDEEP

    768:s7BlpppARFbhdLz8ae+rOn8ae+rOoJhiJhYwoGvOiJ1IOiJfoGvOiJ1IOiJh:s7ZppApdIIoJhiJhYG121I

Targets

    • Cosmu

      Cosmu is a Windows worm written in C++.

    • Cosmu family

    • Detects Cosmu payload

      Cosmu is a worm written in C++.

    • Renames multiple (5197) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.
