General

  • Target

    32710c5ad4e7fbdc01645bb31401c0fa833f8583bb94f1a4b480427958973270

  • Size

    153KB

  • Sample

    250530-ccnxka1nz9

  • MD5

    2a6d3fec9f4343686913706b5c09137a

  • SHA1

    06e35152f1ec959f3b90d924da8ed71a056c655e

  • SHA256

    32710c5ad4e7fbdc01645bb31401c0fa833f8583bb94f1a4b480427958973270

  • SHA512

    f98f0a90f11942da1d2a4a01e9cf071aba0757218faa15e0039903d150bb6c614abb8d5249f09de825690f5e0286b4d835eab405c85b6bd9d01ab90afcad4b16

  • SSDEEP

    1536:uGII+49101yIyI1ymvG4PDo2DhA3lr1fBY4iKos40wm0PW1IrqJfMtQlD8x89u7C:HGwIyI1nzhQNv40j0PW1IrEfMtyhuG

Malware Config

Targets

    • Target

      32710c5ad4e7fbdc01645bb31401c0fa833f8583bb94f1a4b480427958973270

    • Size

      153KB

    • MD5

      2a6d3fec9f4343686913706b5c09137a

    • SHA1

      06e35152f1ec959f3b90d924da8ed71a056c655e

    • SHA256

      32710c5ad4e7fbdc01645bb31401c0fa833f8583bb94f1a4b480427958973270

    • SHA512

      f98f0a90f11942da1d2a4a01e9cf071aba0757218faa15e0039903d150bb6c614abb8d5249f09de825690f5e0286b4d835eab405c85b6bd9d01ab90afcad4b16

    • SSDEEP

      1536:uGII+49101yIyI1ymvG4PDo2DhA3lr1fBY4iKos40wm0PW1IrqJfMtQlD8x89u7C:HGwIyI1nzhQNv40j0PW1IrEfMtyhuG

    • Cosmu

      Cosmu is a Windows worm written in C++.

    • Cosmu family

    • Detects Cosmu payload

      Cosmu is a worm written in C++.

    • Renames multiple (5202) files with added filename extension

      This suggests ransomware activity: encrypting all the files on the system.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar data.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v16

Tasks