General

  • Target

    55e09484bea64dc41dac768dbff304aaf495f0f6861d5098849380de85206b68

  • Size

    49KB

  • Sample

    250529-n7f1zscn8t

  • MD5

    633c2f3a34cde9ca9a531e394ea4bdf9

  • SHA1

    1697528e965f9b137e827409619ddff34af29330

  • SHA256

    55e09484bea64dc41dac768dbff304aaf495f0f6861d5098849380de85206b68

  • SHA512

    4e0e69ebe7a7d5fe65b3a692b8cb5ad5e0eab0eed62bcc0d4a9c90b3a8324110f57bdf0dbcfa90554087acb7477dec6db2cf65444cc07b5a5d6dca5282610412

  • SSDEEP

    768:s7BlpppARFbhdLz8ae+rOn8ae+rOHPRPq+BSBmBCUK9+BSBmBCUKKZ4FLz8ae+rW:s7ZppApdIIHp1MkPMkxGIIHp1MkPMk4

Targets

    • Cosmu

      Cosmu is a Windows worm written in C++.

    • Cosmu family

    • Detects Cosmu payload

      Cosmu is a worm written in C++.

    • Renames multiple (5198) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.
