General
-
Target
5ddfed29d17236eaa2ae185b9f888dc632598b30385753345746f6b742f41b46
-
Size
43KB
-
Sample
250529-n7nqts1p19
-
MD5
be64500c7b03becba674c8bba866ac84
-
SHA1
1c2988e7196b6bb22c1da8695d75cff6b7e01b15
-
SHA256
5ddfed29d17236eaa2ae185b9f888dc632598b30385753345746f6b742f41b46
-
SHA512
0f75a0347622d0ab21baab03d37146cef8e7bb9f68e15660bfbb8b49da603169500428e722736901a6bd2c069ee6615b87bf4560a6491864602fb8859fc29d3a
-
SSDEEP
768:s7BlpppARFbhdLz8ae+rOn8ae+rO2aNQP+UDQvwKIPKIh:s7ZppApdIIJQP+UDQvwdPdh
Behavioral task
behavioral1
Sample
5ddfed29d17236eaa2ae185b9f888dc632598b30385753345746f6b742f41b46.exe
Resource
win10v2004-20250502-en
Behavioral task
behavioral2
Sample
5ddfed29d17236eaa2ae185b9f888dc632598b30385753345746f6b742f41b46.exe
Resource
win11-20250502-en
Malware Config
Targets
Score
10/10
-
Cosmu family
-
Detects Cosmu payload
Cosmu is a worm written in C++.
-
Renames multiple (5201) files with added filename extension
This suggests ransomware activity that encrypts all the files on the system.
-