General

  • Target

    450d600305b56a65611aabb0784f19d3c7d2ef61c6580fde5eba70693f834d5c

  • Size

    6.1MB

  • Sample

    250529-q97mtssvay

  • MD5

    164b1870e9aec10da4dd1dca94aa5c0d

  • SHA1

    dd79ed54451a19cca4dfec48ce70e2353d418df3

  • SHA256

    450d600305b56a65611aabb0784f19d3c7d2ef61c6580fde5eba70693f834d5c

  • SHA512

    386371d1d5f9989d2f39060955c0e2acd019739e84467c267118d9c35eec868c5c4e5b8a7a33100145954b3e634ae270319afbd11c90786ede3be6a3f3428679

  • SSDEEP

    98304:ewaCELMjOLIalJ67sj4jmpRMTcToaxLQsp1RXp9nGeyYnj:ewaCYLIal06MTo9RPGeyq

Malware Config

Targets

    • Cosmu

      Cosmu is a Windows worm written in C++.

    • Cosmu family

    • Detects Cosmu payload

      Cosmu is a worm written in C++.

    • Renames multiple (435) files with added filename extension

      This suggests ransomware activity that encrypts all the files on the system.

MITRE ATT&CK Enterprise v16

Tasks