General

  • Target

    ba0d6f550fc0bb434751b7520e55e3bab7dae9a2b6abc7eb1b0b9028673fda56

  • Size

    133KB

  • Sample

    250529-ra2szacp6z

  • MD5

    f804ed7c09ac5779de2af8dfde62d6dc

  • SHA1

    b675a5dadc8044e7a48733a7efb9fee7d0bc84de

  • SHA256

    ba0d6f550fc0bb434751b7520e55e3bab7dae9a2b6abc7eb1b0b9028673fda56

  • SHA512

    ec716ded4ec2b45d77ef9c805d263e99cc0d36b527c25ef60d61c5c458658124716847ffb80e2a4ef376f52bf4bdcd47b47e4e3bb6f792551b6ac2a39462b959

  • SSDEEP

    1536:s7ZppApdIIXJUDJUzreQvow2GIIXJUDJUzreQvowc:spWp1reVwDreVwc

Targets

    • Cosmu

      Cosmu is a Windows worm written in C++.

    • Cosmu family

    • Detects Cosmu payload

      Cosmu is a worm written in C++.

    • Renames multiple (4738) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.
