General

  • Target

    d69d51e16e778907c18623a9e68e7e27cde5d0acbded6b37f45cc88d1524dd00

  • Size

    92KB

  • Sample

    250605-ham55stky5

  • MD5

    4a369d1fb89b87cd2588c5f3736d6a7e

  • SHA1

    42eec37b314bee7dee5693bc3bef623d7bece0c9

  • SHA256

    d69d51e16e778907c18623a9e68e7e27cde5d0acbded6b37f45cc88d1524dd00

  • SHA512

    4685092cfc880608a602b3c734f0ee6102c50caba29ee9b419b67373cb262bacde61ab9a626813a14d475cdd8eb2be63a9bbecf7662d65b326e51654eb1bbcfc

  • SSDEEP

    1536:uGIIyBoLqrNkW1zN0m0lG1tETSA6+x1xtx1xT:2BsqrNkMzN0mx7Sr6+x1xtx1xT

Targets

    • Cosmu

      Cosmu is a Windows worm written in C++.

    • Cosmu family

    • Detects Cosmu payload

      Cosmu is a worm written in C++.

    • Renames multiple (5040) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.
