General
-
Target
4b8ff45e256625c601fbcc27196dd1ab9f81ffafcd24c27bb4e51275024c23be
-
Size
69KB
-
Sample
250530-ccxvga1xax
-
MD5
5f69621e86116c6465ac5507caa247fe
-
SHA1
aaa2ae508cf98dd6de4ea33cfa0ab94709336b6b
-
SHA256
4b8ff45e256625c601fbcc27196dd1ab9f81ffafcd24c27bb4e51275024c23be
-
SHA512
57efd311ec11193d79fd6ebd62514006aeb3074d9f6547dd8ed42993b2a4c7f9cb77a4271da171bee84ddac04b0d038a98195b6a7c1cfcd847a2f287b9d5085b
-
SSDEEP
768:uZ4FLz8ae+rOn8ae+rO+4500n1kJ00n1kNIyIDZ4FLz8ae+rOn8ae+rO+4500n1E:uGII+49101yIyIDGII+49101yIyIN
Static task
static1
Behavioral task
behavioral1
Sample
4b8ff45e256625c601fbcc27196dd1ab9f81ffafcd24c27bb4e51275024c23be.exe
Resource
win10v2004-20250502-en
Behavioral task
behavioral2
Sample
4b8ff45e256625c601fbcc27196dd1ab9f81ffafcd24c27bb4e51275024c23be.exe
Resource
win11-20250502-en
Malware Config
Targets
-
-
Target
4b8ff45e256625c601fbcc27196dd1ab9f81ffafcd24c27bb4e51275024c23be
Score
10/10
-
Cosmu family
-
Detects Cosmu payload
Cosmu is a worm written in C++.
-
Renames multiple (5260) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Executes dropped EXE
-
Drops file in System32 directory
-