General
Target: 6fb769b33f795b15164360983fce225ffe4120f7355b2f8d6ea342407b2e7c32
Size: 68KB
Sample: 250530-cczn3a1n17
MD5: 5b4ccfdad5d3a658c1d6a722f226679c
SHA1: 1ba42fa0ed0953d4ca9382aa06ad48c497605963
SHA256: 6fb769b33f795b15164360983fce225ffe4120f7355b2f8d6ea342407b2e7c32
SHA512: 2ccc119a52444e55d138bee95bdf99cb2c50a08137224c30a3051f59dcfb489250f45b9c1a46202192a732a14355093e8092cc349609448822892c4bb11ba359
SSDEEP: 768:uZ4FLz8ae+rOn8ae+rO+4500n1kJ00n1kNIyIIZ4FLz8ae+rOn8ae+rO+4500n1n:uGII+49101yIyIIGII+49101yIyIK
Static task: static1
Behavioral task: behavioral1
Sample: 6fb769b33f795b15164360983fce225ffe4120f7355b2f8d6ea342407b2e7c32.exe
Resource: win10v2004-20250502-en
Behavioral task: behavioral2
Sample: 6fb769b33f795b15164360983fce225ffe4120f7355b2f8d6ea342407b2e7c32.exe
Resource: win11-20250502-en
Malware Config
Targets
Score: 10/10
Cosmu family
Detects Cosmu payload
Cosmu is a worm written in C++.
Renames multiple (4926) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
Executes dropped EXE
Drops file in System32 directory