General

  • Target

    a6b082961c74a04107ff2bb392dbfbbd2017116645751e53fc92d56976279584

  • Size

    596KB

  • Sample

    250529-ragssssvbv

  • MD5

    1899fa03497c47ac2cd72677f3ad60e8

  • SHA1

    ded5bc3c22ee32c23591576c1b032ced478a4ef2

  • SHA256

    a6b082961c74a04107ff2bb392dbfbbd2017116645751e53fc92d56976279584

  • SHA512

    e4eebc976b6a9d2c586f73c7fb5a1795b2259e11d88ee99cbe1da6fee54862abbd4248bac0b96a4c4e52b863bec2ef372f14b952bb1d2918511e9418adf5346d

  • SSDEEP

    12288:Oi3yiHiNI3DPCRdM6UoVFFXJuLUtzpLG47F:O3iH/CR+E9h

Targets

    • Cosmu

      Cosmu is a Windows worm written in C++.

    • Cosmu family

    • Detects Cosmu payload

      Cosmu is a worm written in C++.

    • Renames multiple (2903) files with added filename extension

      This suggests ransomware activity that encrypts all the files on the system.
