General

  • Target

    84bea1bbfb8cb895d3bbf2bab9ac492bf6aa5ba5aadde53520bd5668b894edca

  • Size

    99KB

  • Sample

    250605-h1rk9atshx

  • MD5

    620b444b3e260a7c398ea9e6aba11e4c

  • SHA1

    d673bbe21094fd887b2bd54e5d4c3916cdb61326

  • SHA256

    84bea1bbfb8cb895d3bbf2bab9ac492bf6aa5ba5aadde53520bd5668b894edca

  • SHA512

    3a1c73f5a1f80fe8d7cf7ecb458dea7a2982d18f0f9a11453b36e899ff1b85e8ea3820870947d1a8a6d3b18040f26df059a8c4faa3e5290821f2d54da4559cbf

  • SSDEEP

    1536:s7ZppApdIIyBoLqrNkW1zN0m0lG1tETSA6A:spWpsBsqrNkMzN0mx7Sr6A

Targets

    • Cosmu

      Cosmu is a Windows worm written in C++.

    • Cosmu family

    • Detects Cosmu payload

      Cosmu is a worm written in C++.

    • Renames multiple (5027) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.
