General

  • Target

    a4bc781e004a23884d16d0ac5da671655a322656f2a2c9925bcc4fed42e02de9

  • Size

    40KB

  • Sample

    250529-rb8mxasvdv

  • MD5

    71678f7d1374f33d5b0360f3937c0b85

  • SHA1

    6f1e1dbe15689119daecce7097769e1b9c33aca5

  • SHA256

    a4bc781e004a23884d16d0ac5da671655a322656f2a2c9925bcc4fed42e02de9

  • SHA512

    700364913787d051541f15207142b8c49d4fa94c8ab13f8f1f91b95f72333cb8138bbf009965b889df41b1db621a73017afb4fc77a76987888fa78c49f7ac7af

  • SSDEEP

    768:s7BlpppARFbhdLz8ae+rOn8ae+rO+4500n1kJ00n1kU:s7ZppApdII+49101F

Targets

    • Cosmu

      Cosmu is a Windows worm written in C++.

    • Cosmu family

    • Detects Cosmu payload

      Cosmu is a worm written in C++.

    • Renames multiple (5213) files with added filename extension

      This suggests ransomware activity that encrypts all the files on the system.
