General

  • Target

    a93dbd427a750eecbb215a8df92c4b74d4d5281864f2cc095e4bc1701819865d

  • Size

    16KB

  • Sample

    250529-rby4gasvcv

  • MD5

    7f0dcf3ffea901d0b09dd7e914249dc0

  • SHA1

    09b9cfe30dfd24fdf1a295daff5baa213def9033

  • SHA256

    a93dbd427a750eecbb215a8df92c4b74d4d5281864f2cc095e4bc1701819865d

  • SHA512

    0b240d3595b553ade2ec564bff927ac8df5c4a4b2c16f09fa298cc13f58ad0c89f2e86bc913befbbaf044e806cdd0227e238d19f3ef9d867870302381bf3e681

  • SSDEEP

    384:hAg+5OCZ4W6/KWLsqmFae+rOAqmFae+rO8j7jD:uZ4FLz8ae+rOn8ae+rOE

Targets

    • Cosmu

      Cosmu is a Windows worm written in C++.

    • Cosmu family

    • Detects Cosmu payload

      Cosmu is a worm written in C++.

    • Renames multiple (5284) files with added filename extension

      This suggests ransomware activity, i.e. encryption of all the files on the system.
