General
Target: 30abf49023b06f2f040ad898587127583450dd6f24e9d5c07d8675a271d85f0d
Size: 27KB
Sample: 250529-n7b22a1wa1
MD5: b52858a879a8a53f475702aae005f2f8
SHA1: a31e80c2d1379e7427c188b3d9a0890bc6ad085c
SHA256: 30abf49023b06f2f040ad898587127583450dd6f24e9d5c07d8675a271d85f0d
SHA512: 6406b1705584bdf54530dad9663a21ebe518dc02339aa78d6f54be6ecfd76ff89b6b6053fef2d6b4dd573232127567b786cd871ed34d873a514544b330030a6c
SSDEEP: 768:uZ4FLz8ae+rOn8ae+rOHPRPq+BSBmBCUK9+BSBmBCUKqqQ:uGIIHp1MkPMkR
Static task: static1
Behavioral task: behavioral1
Sample: 30abf49023b06f2f040ad898587127583450dd6f24e9d5c07d8675a271d85f0d.exe
Resource: win10v2004-20250502-en
Behavioral task: behavioral2
Sample: 30abf49023b06f2f040ad898587127583450dd6f24e9d5c07d8675a271d85f0d.exe
Resource: win11-20250502-en
Malware Config
Targets
Target: 30abf49023b06f2f040ad898587127583450dd6f24e9d5c07d8675a271d85f0d
Score: 10/10
Cosmu family
Detects Cosmu payload: Cosmu is a worm written in C++.
Renames multiple (5272) files with added filename extension: This suggests ransomware activity of encrypting all the files on the system.