General

  • Target

    b2f30961780525a78da848d2e5e45ced397debf5393209725a1a35cc5e5dbdda

  • Size

    131KB

  • Sample

    250605-hahwesszht

  • MD5

    1bfd3abc31ea360d845a28bedeb2d58c

  • SHA1

    5f3e9d599e0b378151f3c4bd9c281be74c72c503

  • SHA256

    b2f30961780525a78da848d2e5e45ced397debf5393209725a1a35cc5e5dbdda

  • SHA512

    536152d0999a5134c55d7ea742a777e59199fda3d52ec4601561b51a08c685979199a02d927dae9ede1c073e20a6368998685a19f9d4564db41cf8e5174cb244

  • SSDEEP

    3072:spWpsBsqrNkMzN0mx7Sr69OzIUEAxebIJpxRdIw/j:NWB9nxU5qc

Targets

    • Cosmu

      Cosmu is a Windows worm written in C++.

    • Cosmu family

    • Detects Cosmu payload

      Cosmu is a worm written in C++.

    • Renames multiple (4849) files with added filename extension

      This suggests ransomware activity: encrypting all the files on the system.
