General

  • Target

    2cbe21a0dfa9ad2024e815f72b259cde9bd0d42bd04032de7052f13053741588

  • Size

    81KB

  • Sample

    250529-q8lnzasthw

  • MD5

    8c8b39ed113ea3cc18d4e49ff633a122

  • SHA1

    d2a999ffb32cb3f2b12e7d92699661cf3ab5006e

  • SHA256

    2cbe21a0dfa9ad2024e815f72b259cde9bd0d42bd04032de7052f13053741588

  • SHA512

    b34cd227e15148dd1d506aa9be4f9238656ece89fd9b4db1c83a0bd06b840fd33f084615760e4f2d2cb9900d2b9d2442ca6c367e45bf5e87f01666e7513d399c

  • SSDEEP

    1536:uGIINlsPKe9Tdxz2dmn2ja+ZhuB0PUb2+:LehXz2ja+PuiPUP

Targets

    • Cosmu

      Cosmu is a Windows worm written in C++.

    • Cosmu family

    • Detects Cosmu payload

      Cosmu is a worm written in C++.

    • Renames multiple (5035) files with added filename extension

      This suggests ransomware activity that encrypts all the files on the system.
