General

  • Target

    05e788b8569e444ef54fa4bae699ba62fa26bd6c5510c4b54fb8fea50f8cecc7

  • Size

    25KB

  • Sample

    250605-h1rw1sdp5w

  • MD5

    14ef783b895125d45b02dc6f1026ae3b

  • SHA1

    023f0b0c9d0a979297c0c967bd338ae3631e4772

  • SHA256

    05e788b8569e444ef54fa4bae699ba62fa26bd6c5510c4b54fb8fea50f8cecc7

  • SHA512

    be238920333ca3b73230736b3d3dc3be71727dca1ad4c722845cc2568e8ef0bf27b7bb5cda74bb1c4d227c31c0df23b94392f8579474627d1719db1c522c199a

  • SSDEEP

    768:s7BlpppARFbhdLz8ae+rOn8ae+rOb83osGOUiuJtfosGOUiuJtr:s7ZppApdIIC0K

Targets

    • Cosmu

      Cosmu is a Windows worm written in C++.

    • Cosmu family

    • Detects Cosmu payload

      Cosmu is a worm written in C++.

    • Renames multiple (5127) files with added filename extension

      This suggests ransomware activity that encrypts all the files on the system.
