General

  • Target

    e3391f607a57100f41883112301d3e2629b7494703133618a16084b5e2f23bd0

  • Size

    95KB

  • Sample

    250605-h2zcgsdp7x

  • MD5

    4f7095b0a0f1f173c99ef22aa5fd64cc

  • SHA1

    8acf6eb0550db54e6c7c8d02eab20cca42ec1308

  • SHA256

    e3391f607a57100f41883112301d3e2629b7494703133618a16084b5e2f23bd0

  • SHA512

    5f9291fd927afaabbfc71e918ab1ca111f2e8de8b1e9b39180441e466704166c0946b3da9d710758f25844657e9e9823629dd08b5755958137e096db041284d8

  • SSDEEP

    1536:s7ZppApdIIyBoLqrNkW1zN0m0lG1tETSA6nQmJ0QmJo:spWpsBsqrNkMzN0mx7Sr6nQmJ0QmJo

Targets

    • Cosmu

      Cosmu is a Windows worm written in C++.

    • Cosmu family

    • Detects Cosmu payload

      Cosmu is a worm written in C++.

    • Renames multiple (5033) files with added filename extension

      This suggests ransomware activity that encrypts all the files on the system.