General
Target: b2f30961780525a78da848d2e5e45ced397debf5393209725a1a35cc5e5dbdda
Size: 131KB
Sample: 250605-hahwesszht
MD5: 1bfd3abc31ea360d845a28bedeb2d58c
SHA1: 5f3e9d599e0b378151f3c4bd9c281be74c72c503
SHA256: b2f30961780525a78da848d2e5e45ced397debf5393209725a1a35cc5e5dbdda
SHA512: 536152d0999a5134c55d7ea742a777e59199fda3d52ec4601561b51a08c685979199a02d927dae9ede1c073e20a6368998685a19f9d4564db41cf8e5174cb244
SSDEEP: 3072:spWpsBsqrNkMzN0mx7Sr69OzIUEAxebIJpxRdIw/j:NWB9nxU5qc
Behavioral task: behavioral1
Sample: b2f30961780525a78da848d2e5e45ced397debf5393209725a1a35cc5e5dbdda.exe
Resource: win10v2004-20250502-en

Behavioral task: behavioral2
Sample: b2f30961780525a78da848d2e5e45ced397debf5393209725a1a35cc5e5dbdda.exe
Resource: win11-20250502-en
Malware Config
Targets
Target: b2f30961780525a78da848d2e5e45ced397debf5393209725a1a35cc5e5dbdda
Score: 10/10

Cosmu family
Detects Cosmu payload
Cosmu is a worm written in C++.

Renames multiple (4849) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.