General

  • Target

    5ddfed29d17236eaa2ae185b9f888dc632598b30385753345746f6b742f41b46

  • Size

    43KB

  • Sample

    250529-n7nqts1p19

  • MD5

    be64500c7b03becba674c8bba866ac84

  • SHA1

    1c2988e7196b6bb22c1da8695d75cff6b7e01b15

  • SHA256

    5ddfed29d17236eaa2ae185b9f888dc632598b30385753345746f6b742f41b46

  • SHA512

    0f75a0347622d0ab21baab03d37146cef8e7bb9f68e15660bfbb8b49da603169500428e722736901a6bd2c069ee6615b87bf4560a6491864602fb8859fc29d3a

  • SSDEEP

    768:s7BlpppARFbhdLz8ae+rOn8ae+rO2aNQP+UDQvwKIPKIh:s7ZppApdIIJQP+UDQvwdPdh

Targets

    • Cosmu

      Cosmu is a Windows worm written in C++.

    • Cosmu family

    • Detects Cosmu payload

      Cosmu is a worm written in C++.

    • Renames multiple (5201) files with added filename extension

      This suggests ransomware activity, namely encrypting all the files on the system.
