General
-
Target
fde935dccbc5b8ba5db5149e688c4f9cd1421cbb6ff3b129e29357807d1e7e27
-
Size
199KB
-
Sample
250529-q8kfxastgy
-
MD5
ed7a5a6a4d1507859b3d3063762c41c0
-
SHA1
e8025cef7e862467a12bd76b60c20001063972ca
-
SHA256
fde935dccbc5b8ba5db5149e688c4f9cd1421cbb6ff3b129e29357807d1e7e27
-
SHA512
0fa093b5d243719b036d5e7ffc11b1653308b042cf42341fea4f690f83294615a84e3736095d1a4a8f6fa2b0352d6b2ae3982b0967d838e722464bf25249f838
-
SSDEEP
3072:LehXz2ja+PuiPUfnzhQNv40j0PW1IrEfMtyhuC:LehXz2jrPUFn00rZy3
Static task
static1
Behavioral task
behavioral1
Sample
fde935dccbc5b8ba5db5149e688c4f9cd1421cbb6ff3b129e29357807d1e7e27.exe
Resource
win10v2004-20250502-en
Malware Config
Targets
-
Cosmu family
-
Detects Cosmu payload
Cosmu is a worm written in C++.
-
Renames multiple (5036) files with added filename extension
This suggests ransomware activity, in which all the files on the system are encrypted.
-
Executes dropped EXE
-
Drops file in System32 directory
-