General
Target: 450d600305b56a65611aabb0784f19d3c7d2ef61c6580fde5eba70693f834d5c
Size: 6.1MB
Sample: 250529-q97mtssvay
MD5: 164b1870e9aec10da4dd1dca94aa5c0d
SHA1: dd79ed54451a19cca4dfec48ce70e2353d418df3
SHA256: 450d600305b56a65611aabb0784f19d3c7d2ef61c6580fde5eba70693f834d5c
SHA512: 386371d1d5f9989d2f39060955c0e2acd019739e84467c267118d9c35eec868c5c4e5b8a7a33100145954b3e634ae270319afbd11c90786ede3be6a3f3428679
SSDEEP: 98304:ewaCELMjOLIalJ67sj4jmpRMTcToaxLQsp1RXp9nGeyYnj:ewaCYLIal06MTo9RPGeyq
Static task: static1
Behavioral task: behavioral1
Sample: 450d600305b56a65611aabb0784f19d3c7d2ef61c6580fde5eba70693f834d5c.exe
Resource: win10v2004-20250502-en
Behavioral task: behavioral2
Sample: 450d600305b56a65611aabb0784f19d3c7d2ef61c6580fde5eba70693f834d5c.exe
Resource: win11-20250502-en
Malware Config
Targets
Target: 450d600305b56a65611aabb0784f19d3c7d2ef61c6580fde5eba70693f834d5c
Score: 10/10

Cosmu family

Detects Cosmu payload
Cosmu is a worm written in C++.

Renames multiple (435) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.