General

  • Target

    f96648ab821db74e270d73cbcd88549ad7354ff6e9102992154504cbef4b35d6

  • Size

    91KB

  • Sample

    250605-h44d8adq4x

  • MD5

    1ddf481c74ac1e683db67cba6967a63d

  • SHA1

    ec595f65ae7b4a278dc41a7afd72e85029fc4d0f

  • SHA256

    f96648ab821db74e270d73cbcd88549ad7354ff6e9102992154504cbef4b35d6

  • SHA512

    a73c79a72f4091b026e0bc45408cc0a01b4f771d94d75d33a85950b2ae09e7fc550a21f419bacd5b58672a566558b0becfc8ac51115917d90596308b40ecb015

  • SSDEEP

    1536:s7ZppApdIIyBoLqrNkW1zN0m0lG1tETSA6s:spWpsBsqrNkMzN0mx7Sr6s

Malware Config

Targets

    • Cosmu

      Cosmu is a Windows worm written in C++.

    • Cosmu family

    • Detects Cosmu payload

      Cosmu is a worm written in C++.

    • Renames multiple (5039) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.
