General

  • Target

    56e0690b0c051d367ed0f6bfe7c33714c8bcfd82a8085d417829c053ea22562b

  • Size

    28KB

  • Sample

    250529-n7q6ys1wby

  • MD5

    dc32a039d62af5d9df8f34282e98e071

  • SHA1

    5d8253204380187d24c6104809d282ea46cd79db

  • SHA256

    56e0690b0c051d367ed0f6bfe7c33714c8bcfd82a8085d417829c053ea22562b

  • SHA512

    a7db61c3b67617afb63d9f08ef7ea52dcdbd4f9d856636f133bffb65f7afdb8e93796eaf1ca5c21ea1f5f4afde1ff8ee0223deb36414763c096c60143e2ee891

  • SSDEEP

    768:s7BlpppARFbhdLz8ae+rOn8ae+rOoJhiJhREOcqEOcG:s7ZppApdIIoJhiJhRpHpr

Targets

    • Target

      56e0690b0c051d367ed0f6bfe7c33714c8bcfd82a8085d417829c053ea22562b

    • Cosmu

      Cosmu is a Windows worm written in C++.

    • Cosmu family

    • Detects Cosmu payload

      Cosmu is a worm written in C++.

    • Renames multiple (5272) files with added filename extension

      This suggests ransomware activity: encryption of all the files on the system.
