General

  • Target

    d7d2d8f78704bf005eb0be0a29f01095bfa6aa73ac28544c9e585e26ed033d03

  • Size

    31KB

  • Sample

    250529-rceq8asvev

  • MD5

    7029c414207926e9aacdbae0ebee3247

  • SHA1

    66a6eeef86fc0dcfad2d92bcd4454f6a28d335ed

  • SHA256

    d7d2d8f78704bf005eb0be0a29f01095bfa6aa73ac28544c9e585e26ed033d03

  • SHA512

    aa4e867b8b04afd7f06b978cef4eb5a41d62ecf5bf3ac8d1215a5e07402e70a56b460ed86a55d64615ce4b0db4fe69f0e9663c5ab3d7a9dcab749044f0faf8e6

  • SSDEEP

    384:gBt7Br5xjL9AgA71FbhvP/KWLsqmFae+rOAqmFae+rOYE/AE/m45gv:s7BlpppARFbhdLz8ae+rOn8ae+rO+44

Targets

    • Cosmu

      Cosmu is a Windows worm written in C++.

    • Cosmu family

    • Detects Cosmu payload

      Cosmu is a worm written in C++.

    • Renames multiple (5203) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.
