General

  • Target

    88babc044b2bee58bf75f66873926cec4a87c4d6ee85b6d145f4581190072fe0

  • Size

    37KB

  • Sample

    250605-hamvdaszhw

  • MD5

    3fcb7f98232244bf94b6492b0b665089

  • SHA1

    873d5d6acc4861ac700b033157f4d6bcddaaba24

  • SHA256

    88babc044b2bee58bf75f66873926cec4a87c4d6ee85b6d145f4581190072fe0

  • SHA512

    7ec414df8c765ec896d91558b6d3315cc249a6c87c419c4de92c97ef16efd4c6def60d907e4f4d2bb20406c91200092da0a55bff31959d5540a8e870ecf53b81

  • SSDEEP

    384:hAg+5OCZ4W6/KWLsqmFae+rOAqmFae+rOYE/AE/DZKNZKy7LzizB:uZ4FLz8ae+rOn8ae+rOrZkZ/7LGd

Targets

    • Target

      88babc044b2bee58bf75f66873926cec4a87c4d6ee85b6d145f4581190072fe0

    • Cosmu

      Cosmu is a Windows worm written in C++.

    • Cosmu family

    • Detects Cosmu payload

      Cosmu is a worm written in C++.

    • Renames multiple (5213) files with added filename extension

      This suggests ransomware activity that encrypts all the files on the system.
