General
-
Target
61ec377943e3f82c98f842d9d6c10b5dcca8542aa7957a891598d4617be305f4
-
Size
161KB
-
Sample
250529-q8krnssthv
-
MD5
de5eaa7126759b1162607c072d2da945
-
SHA1
8347e7a1461b21c95f54f08091822fc38b2e29fe
-
SHA256
61ec377943e3f82c98f842d9d6c10b5dcca8542aa7957a891598d4617be305f4
-
SHA512
f368d86f3dbba169ee0a342eb6a22f557769a4412285e60651b253eb14ac586fec5cd80c6e8b86270d922e02a136a6ffdf6ce91fdf4aa85da3f5c8430191ca53
-
SSDEEP
1536:uGIINlsPKe9Tdxz2dmn2ja+ZhuB0PUb2rGIINlsPKe9Tdxz2dmn2ja+ZhuB0PUb1:LehXz2ja+PuiPUNehXz2ja+PuiPUJ
Static task
static1
Behavioral task
behavioral1
Sample
61ec377943e3f82c98f842d9d6c10b5dcca8542aa7957a891598d4617be305f4.exe
Resource
win10v2004-20250502-en
Behavioral task
behavioral2
Sample
61ec377943e3f82c98f842d9d6c10b5dcca8542aa7957a891598d4617be305f4.exe
Resource
win11-20250502-en
Malware Config
Targets
-
-
Target
61ec377943e3f82c98f842d9d6c10b5dcca8542aa7957a891598d4617be305f4
-
Score 10/10
Cosmu family
-
Detects Cosmu payload
Cosmu is a worm written in C++.
-
Renames multiple (4894) files with added filename extension
This suggests ransomware activity, namely encrypting all the files on the system.
-
Executes dropped EXE
-
Drops file in System32 directory
-