General
-
Target
20fa65081f651454fd6a51d2481553a96b903d161a390608afe8966be62663cb
-
Size
944KB
-
Sample
250529-raey7ssvbt
-
MD5
171bd55b75de9381c57884b54f5cf65b
-
SHA1
8a605a80936175ca2798c63147b7cab8bac550c4
-
SHA256
20fa65081f651454fd6a51d2481553a96b903d161a390608afe8966be62663cb
-
SHA512
42ea67da8249d5eb3c1866e898b4ba5c72b64ba92e8c26c950de5ed9b8adcdd36897088e0bf6324247c9840003eeacd6f645eb2a9849a267b36e989cf8467e84
-
SSDEEP
24576:O3JLhrSYV0GYXGO2hbkDklsFHO3cG3UxS:O3JLtSY5aCakNGA
Static task
static1
Behavioral task
behavioral1
Sample
20fa65081f651454fd6a51d2481553a96b903d161a390608afe8966be62663cb.exe
Resource
win10v2004-20250502-en
Behavioral task
behavioral2
Sample
20fa65081f651454fd6a51d2481553a96b903d161a390608afe8966be62663cb.exe
Resource
win11-20250502-en
Malware Config
Targets
Score 10/10
-
Cosmu family
-
Detects Cosmu payload
Cosmu is a worm written in C++.
-
Renames multiple (2401) files with added filename extension
This suggests ransomware activity, namely encryption of all the files on the system.
-