General

  • Target

    418eca04fbb1e73c6e32da06970abcdcfc106ced320f6ae9e3d0387c6b3bb11c

  • Size

    95KB

  • Sample

    250605-h1f5hstns3

  • MD5

    682a21a8af2d77d73f5d3e3e857eaffe

  • SHA1

    dd2f2ce011e2c40f720662ef6310f0870907c5d5

  • SHA256

    418eca04fbb1e73c6e32da06970abcdcfc106ced320f6ae9e3d0387c6b3bb11c

  • SHA512

    ae939fcf626ccbc0852444e358a18f1781a8a4dfe77c48e25e99b8a9f52a86527fff2c6df5e6fe4fc964dd61b2cc07a17e510aff8480c209488dc970fee4281d

  • SSDEEP

    1536:s7ZppApdIIyBoLqrNkW1zN0m0lG1tETSA6m:spWpsBsqrNkMzN0mx7Sr6m

Targets

    • Target

      418eca04fbb1e73c6e32da06970abcdcfc106ced320f6ae9e3d0387c6b3bb11c

    • Cosmu

      Cosmu is a Windows worm written in C++.

    • Cosmu family

    • Detects Cosmu payload

      Cosmu is a worm written in C++.

    • Renames multiple (4844) files with added filename extension

      This suggests ransomware activity, namely encryption of all the files on the system.
