General

  • Target

    614d313e3362c99a45466c2bda6977a0a80d719e23bd3f5d2ae5065ff375249a

  • Size

    6.8MB

  • Sample

    250529-q9541asvaw

  • MD5

    1555e426aab77276f166701e4ac2c821

  • SHA1

    f35b7099a1135df9d6f3b2155af7efc4a9b85121

  • SHA256

    614d313e3362c99a45466c2bda6977a0a80d719e23bd3f5d2ae5065ff375249a

  • SHA512

    1b9f04480a4689643e1ea7eb05e0b68cb445a4770229cc0e6e220c47d4cbeb30242dba01c8654659542eaa3c6ea15f5fbffcc4f388c860248eee22af68a83ab5

  • SSDEEP

    196608:l0eo1Kv/Ad0hvEB9iOuCPEPAJZ0e/tHLuuwrf1/WsL/po:l0H1sREB9iHCPEIJZ0e/tHLuuwb1/Wsi

Targets

    • Cosmu

      Cosmu is a Windows worm written in C++.

    • Cosmu family

    • Detects Cosmu payload

      Cosmu is a worm written in C++.

    • Renames multiple (372) files with added filename extension

      This suggests ransomware activity, that is, encryption of all the files on the system.
