General

  • Target

    fde935dccbc5b8ba5db5149e688c4f9cd1421cbb6ff3b129e29357807d1e7e27

  • Size

    199KB

  • Sample

    250529-q8kfxastgy

  • MD5

    ed7a5a6a4d1507859b3d3063762c41c0

  • SHA1

    e8025cef7e862467a12bd76b60c20001063972ca

  • SHA256

    fde935dccbc5b8ba5db5149e688c4f9cd1421cbb6ff3b129e29357807d1e7e27

  • SHA512

    0fa093b5d243719b036d5e7ffc11b1653308b042cf42341fea4f690f83294615a84e3736095d1a4a8f6fa2b0352d6b2ae3982b0967d838e722464bf25249f838

  • SSDEEP

    3072:LehXz2ja+PuiPUfnzhQNv40j0PW1IrEfMtyhuC:LehXz2jrPUFn00rZy3
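The digests above are the indicators a responder uses to confirm that a file pulled from a host is this exact sample. The following is an added example, not part of the sandbox report, that computes the four cryptographic digests the report lists and compares them against the report's values; the SSDEEP fuzzy hash is not covered because it needs the external ssdeep module. The constant names, the streaming chunk size and the helper names are this example's own choices.

```python
import hashlib
import sys
from typing import Dict

# Digests copied verbatim from the report above (hex, lowercase).
REPORT_DIGESTS = {
    "md5": "ed7a5a6a4d1507859b3d3063762c41c0",
    "sha1": "e8025cef7e862467a12bd76b60c20001063972ca",
    "sha256": "fde935dccbc5b8ba5db5149e688c4f9cd1421cbb6ff3b129e29357807d1e7e27",
    "sha512": (
        "0fa093b5d243719b036d5e7ffc11b1653308b042cf42341fea4f690f83294615"
        "a84e3736095d1a4a8f6fa2b0352d6b2ae3982b0967d838e722464bf25249f838"
    ),
}


def digest_bytes(data: bytes) -> Dict[str, str]:
    """Compute every digest the report lists, as lowercase hex, for an in-memory blob."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_DIGESTS}


def digest_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Same digests, streamed from disk so a large sample is never read whole into memory."""
    hashers = {name: hashlib.new(name) for name in REPORT_DIGESTS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_report(observed: Dict[str, str], expected: Dict[str, str] = REPORT_DIGESTS) -> Dict[str, bool]:
    """Per-algorithm comparison; hex case varies between tools, so compare lowercase.
    An algorithm missing from `observed` counts as a mismatch rather than an error."""
    return {name: observed.get(name, "").lower() == expected[name].lower() for name in expected}


def is_known_sample(observed: Dict[str, str], expected: Dict[str, str] = REPORT_DIGESTS) -> bool:
    """Accept the file as the reported sample only when every digest agrees.
    MD5 and SHA1 are collision-prone, so a match on one of them alone is not proof."""
    return all(match_report(observed, expected).values())


if __name__ == "__main__":
    # Usage: python check_sample.py <path-to-file>
    observed = digest_file(sys.argv[1])
    for name, ok in match_report(observed).items():
        print(f"{name:6} {observed[name]}  {'MATCH' if ok else 'differs'}")
    print("known sample" if is_known_sample(observed) else "NOT the reported sample")
```

Run it against the file recovered from the host; a partial match (say MD5 agrees but SHA256 does not) should be treated as a mismatch, which is why `is_known_sample` requires all four.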

Malware Config

Targets

    • Target

      fde935dccbc5b8ba5db5149e688c4f9cd1421cbb6ff3b129e29357807d1e7e27

    • Size

      199KB

    • MD5

      ed7a5a6a4d1507859b3d3063762c41c0

    • SHA1

      e8025cef7e862467a12bd76b60c20001063972ca

    • SHA256

      fde935dccbc5b8ba5db5149e688c4f9cd1421cbb6ff3b129e29357807d1e7e27

    • SHA512

      0fa093b5d243719b036d5e7ffc11b1653308b042cf42341fea4f690f83294615a84e3736095d1a4a8f6fa2b0352d6b2ae3982b0967d838e722464bf25249f838

    • SSDEEP

      3072:LehXz2ja+PuiPUfnzhQNv40j0PW1IrEfMtyhuC:LehXz2jrPUFn00rZy3

    • Cosmu

      Cosmu is a Windows worm written in C++.

    • Cosmu family

    • Detects Cosmu payload

      Cosmu is a worm written in C++.

    • Renames multiple (5036) files with added filename extension

      This is consistent with ransomware activity: encrypting files across the system and appending an extension to each renamed file.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser profile data, such as saved credentials.

    • Drops file in System32 directory
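The "renames multiple files with added filename extension" signature above is the sandbox's heuristic; the same logic can be run over file-rename telemetry from an endpoint. The block below is an added example, not the sandbox's or the malware author's code: it takes rename events (a constructed, hypothetical sample, with field names chosen for this example), keeps only renames that append an extension to the original name, and flags any process that reaches a per-process threshold with one dominant suffix. The threshold of 5 is an assumed tuning value; the report's count of 5036 shows how far above it real activity sits.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, Optional, Tuple


@dataclass(frozen=True)
class RenameEvent:
    """One file-rename record as an EDR feed might deliver it (hypothetical schema)."""
    pid: int
    image: str
    old_path: str
    new_path: str


def added_extension(old_path: str, new_path: str) -> Optional[str]:
    """Return the suffix appended to the original name, or None when the rename did
    anything else (a move to another directory, a change of the base name, or an
    appended component that is not a plain '.ext')."""
    if new_path.startswith(old_path) and len(new_path) > len(old_path):
        suffix = new_path[len(old_path):]
        if suffix.startswith(".") and "/" not in suffix and "\\" not in suffix:
            return suffix
    return None


def detect_mass_rename(events: Iterable[RenameEvent], threshold: int = 5) -> Dict[int, Tuple[str, int]]:
    """Count appended-extension renames per process and per suffix.
    Returns {pid: (dominant_suffix, count)} for every process at or above the threshold."""
    per_proc: Dict[int, Dict[str, int]] = defaultdict(lambda: defaultdict(int))
    for ev in events:
        suffix = added_extension(ev.old_path, ev.new_path)
        if suffix is not None:
            per_proc[ev.pid][suffix.lower()] += 1
    hits: Dict[int, Tuple[str, int]] = {}
    for pid, counts in per_proc.items():
        suffix, n = max(counts.items(), key=lambda kv: kv[1])
        if n >= threshold:
            hits[pid] = (suffix, n)
    return hits


# Constructed sample telemetry: pid 4120 is a dropped executable appending ".locked"
# to six documents; pid 812 is explorer.exe doing ordinary user renames and moves;
# the last event is a move by 4120, which is not an appended extension and is ignored.
DROPPED = r"C:\Users\victim\AppData\Local\Temp\dropped.exe"
EXPLORER = r"C:\Windows\explorer.exe"
DOCS = r"C:\Users\victim\Documents"
SAMPLE_EVENTS = [
    RenameEvent(4120, DROPPED, rf"{DOCS}\file{i}.docx", rf"{DOCS}\file{i}.docx.locked")
    for i in range(6)
] + [
    RenameEvent(812, EXPLORER, rf"{DOCS}\report.docx", rf"{DOCS}\report_final.docx"),
    RenameEvent(812, EXPLORER, r"C:\Users\victim\Downloads\setup.exe", r"C:\Users\victim\Desktop\setup.exe"),
    RenameEvent(812, EXPLORER, rf"{DOCS}\todo.txt", rf"{DOCS}\todo.txt.bak"),
    RenameEvent(4120, DROPPED, rf"{DOCS}\notes.txt", r"C:\Users\victim\Desktop\notes.txt"),
]


if __name__ == "__main__":
    for pid, (suffix, n) in detect_mass_rename(SAMPLE_EVENTS).items():
        print(f"pid {pid}: {n} files renamed with appended extension {suffix!r}")
```

The per-suffix grouping matters: a user's editor that writes `.bak` copies, or a backup agent, produces appended extensions too, so a production rule should pair this count with the process image, a short time window and the rate of renames rather than the raw count alone.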

MITRE ATT&CK Enterprise v16

Tasks