General

  • Target

    687b6e6cc190a48a55f15648dd5be676b8bc94e56f54989ecf664983b3613a66

  • Size

    513KB

  • Sample

    250529-n7cnkacn7z

  • MD5

    256219536689be0d03bcdb1f95ed6e61

  • SHA1

    fe0771c3b7051976393a468326dc5fc301343b31

  • SHA256

    687b6e6cc190a48a55f15648dd5be676b8bc94e56f54989ecf664983b3613a66

  • SHA512

    a8e2d69df1efc77ceb8a7a28ab2f1e7d48c48ff2c431d95e9afdf4ad7d1fc62f5d20a712330fbd90defa5fe64a93c30114d4d052d80819ea7aecd2c1cd55dbce

  • SSDEEP

    6144:NKGPFZZgZZ6ZZZNqrZZ026kZZZsMLZZZ2qwmmmEmm8nmmmmmmmmL+zFmmmP3Jsyi:kuWvuyaxKT9512

Targets

    • Target

      687b6e6cc190a48a55f15648dd5be676b8bc94e56f54989ecf664983b3613a66

    • Cosmu

      Cosmu is a Windows worm written in C++.

    • Cosmu family

    • Detects Cosmu payload

      Cosmu is a worm written in C++.

    • Renames multiple (3983) files with added filename extension

      This suggests ransomware activity, in which all the files on the system are encrypted.
