General

  • Target

    20fa65081f651454fd6a51d2481553a96b903d161a390608afe8966be62663cb

  • Size

    944KB

  • Sample

    250529-raey7ssvbt

  • MD5

    171bd55b75de9381c57884b54f5cf65b

  • SHA1

    8a605a80936175ca2798c63147b7cab8bac550c4

  • SHA256

    20fa65081f651454fd6a51d2481553a96b903d161a390608afe8966be62663cb

  • SHA512

    42ea67da8249d5eb3c1866e898b4ba5c72b64ba92e8c26c950de5ed9b8adcdd36897088e0bf6324247c9840003eeacd6f645eb2a9849a267b36e989cf8467e84

  • SSDEEP

    24576:O3JLhrSYV0GYXGO2hbkDklsFHO3cG3UxS:O3JLtSY5aCakNGA

Malware Config

Targets

    • Target

      20fa65081f651454fd6a51d2481553a96b903d161a390608afe8966be62663cb

    • Cosmu

      Cosmu is a Windows worm written in C++.

    • Cosmu family

    • Detects Cosmu payload

      Cosmu is a worm written in C++.

    • Renames multiple (2401) files with added filename extension

      This suggests ransomware activity, namely encryption of all the files on the system.

MITRE ATT&CK Enterprise v16

Tasks