General

  • Target

    3acc149908dd512e8c081cdd336d312d01fbbe9998ce07cc0cdf8c974f585537

  • Size

    86KB

  • Sample

    250529-n7qkes1wbx

  • MD5

    b83d5a7a16bcd319264d0bf768df6d08

  • SHA1

    a15fd7c586bd3621da2dc6aaac1529923b91f5f3

  • SHA256

    3acc149908dd512e8c081cdd336d312d01fbbe9998ce07cc0cdf8c974f585537

  • SHA512

    9ba98fdd4cb3c6b43947444755f4c6b87ed38e6f3e088e3ee5a8c1f477122d2eeb7032b6411923139dfaf3cb5759c54b75c5a36b2561f1d9bfd4587ea673a591

  • SSDEEP

    1536:s7ZppApdIIFJtK9EJSKRVzutQ28svrdwTaxFiD:spWp9t4EJSSVzui2xnA

Malware Config

Targets

    • Target

      3acc149908dd512e8c081cdd336d312d01fbbe9998ce07cc0cdf8c974f585537

    • Cosmu

      Cosmu is a Windows worm written in C++.

    • Cosmu family

    • Detects Cosmu payload

      Cosmu is a worm written in C++.

    • Renames multiple (5104) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

MITRE ATT&CK Enterprise v16

Tasks