General

  • Target

    30abf49023b06f2f040ad898587127583450dd6f24e9d5c07d8675a271d85f0d

  • Size

    27KB

  • Sample

    250529-n7b22a1wa1

  • MD5

    b52858a879a8a53f475702aae005f2f8

  • SHA1

    a31e80c2d1379e7427c188b3d9a0890bc6ad085c

  • SHA256

    30abf49023b06f2f040ad898587127583450dd6f24e9d5c07d8675a271d85f0d

  • SHA512

    6406b1705584bdf54530dad9663a21ebe518dc02339aa78d6f54be6ecfd76ff89b6b6053fef2d6b4dd573232127567b786cd871ed34d873a514544b330030a6c

  • SSDEEP

    768:uZ4FLz8ae+rOn8ae+rOHPRPq+BSBmBCUK9+BSBmBCUKqqQ:uGIIHp1MkPMkR

Targets

    • Cosmu

      Cosmu is a Windows worm written in C++.

    • Cosmu family

    • Detects Cosmu payload

      Cosmu is a worm written in C++.

    • Renames multiple (5272) files with added filename extension

      This suggests ransomware activity that encrypts all the files on the system.
