General

  • Target

    b72b6029deff0b84a67ac2a5f2b47ac744b8a71e9ee72a858aae41fca8dfbd69

  • Size

    60KB

  • Sample

    250605-h3cj4sttby

  • MD5

    09b9c5436812cc27261aa62ee0c42bac

  • SHA1

    7c9ac77278d4d5c7d13b5228d4bd492c8d9d7f0e

  • SHA256

    b72b6029deff0b84a67ac2a5f2b47ac744b8a71e9ee72a858aae41fca8dfbd69

  • SHA512

    71a03b6557fbeeece6a83ebc32ce744a7493494944bace3f8b4e4000fcf0d1aeb921c84f34c8f214faf5a4f55ff3b8b1865d0ee3654b325c82e776f94e82913d

  • SSDEEP

    1536:s7ZppApdIIC0/h1HgzohpI5BsKvYFW+W7NmYtV:spWpI0/hhqeCBuCmM

Targets

    • Cosmu

      Cosmu is a Windows worm written in C++.

    • Cosmu family

    • Detects Cosmu payload

      Cosmu is a worm written in C++.

    • Renames multiple (5183) files with added filename extension

      This suggests ransomware activity: encryption of all the files on the system.
