General

  • Target

    44b80470b9b505d0e93241c5299b6d71b26b528995d01254ce4ed39a2081e971

  • Size

    24KB

  • Sample

    250529-n7laps1wbw

  • MD5

    a13a3a87c27bcda6506ece95ff719fba

  • SHA1

    7a60a8f504373c2235ec5950fcce3a43a39febc9

  • SHA256

    44b80470b9b505d0e93241c5299b6d71b26b528995d01254ce4ed39a2081e971

  • SHA512

    93404f98d6e24809858cf1b54077c248cac5cfff30d94ddab847e4c0f31fec51d4a43fb6001aa443e1518bb0731de1b55309475c3a74c4f2550cfb5cb53486a7

  • SSDEEP

    384:gBt7Br5xjL9AgA71FbhvP/KWLsqmFae+rOAqmFae+rOr9NNV5H/V31:s7BlpppARFbhdLz8ae+rOn8ae+rOZ

Targets

    • Cosmu

      Cosmu is a Windows worm written in C++.

    • Cosmu family

    • Detects Cosmu payload

      Cosmu is a worm written in C++.

    • Renames multiple (5306) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.
