General

  • Target

    443adedaeaa1236d00a369397c25f947e6eb0c2522464bbd19ff3dc26b2e466b

  • Size

    118KB

  • Sample

    250605-h6avpadq6y

  • MD5

    735ae66c121580106ac220308dc2834c

  • SHA1

    4b15b8669e4fa73efa65de178f4056cbd5669f03

  • SHA256

    443adedaeaa1236d00a369397c25f947e6eb0c2522464bbd19ff3dc26b2e466b

  • SHA512

    9b080fe8571c3c033b56109b8c93d451e7f461686aa6b4735ee81893d1a1da655f4016ff27b1bc15229a2738889bb99bd7b0890f1c67097561cbff0f2c0cd5b1

  • SSDEEP

    3072:spWpI0HXZcz6KjgIJ6SmWDdBBYAMvhI++LmwKIYMZ:N20HXNIJ6SzBv4hI++LmwVYo

Targets

    • Target

      443adedaeaa1236d00a369397c25f947e6eb0c2522464bbd19ff3dc26b2e466b

    • Cosmu

      Cosmu is a Windows worm written in C++.

    • Cosmu family

    • Detects Cosmu payload

      Cosmu is a worm written in C++.

    • Renames multiple (4968) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.
