General

  • Target

    690c7a4fd245a182bf453539e84c00629739445fb2d7cdd4abec6c32c792218f

  • Size

    139KB

  • Sample

    250605-hat9fsbm6s

  • MD5

    64d29fd60bdf4eaf3edbd734fb30c25f

  • SHA1

    ee726e6ecc4e0833185ded57c097e5a924c27081

  • SHA256

    690c7a4fd245a182bf453539e84c00629739445fb2d7cdd4abec6c32c792218f

  • SHA512

    f7c70e89ba444017b9f6fd06363aeef3d4de804d6f2e72fa919fb03eb823da4e829036e93cf4e20fa084dbdbbb21f5a2c0361704bad76bc0494d1e74183724b0

  • SSDEEP

    1536:s7ZppApdII1grC35rtLgnTVoAUZY/ECGn6cmi8eEXmxTcCF2wMDKyyvog1vEpDRb:spWpT9InTVsZYFG6cZP/1k

Targets

    • Cosmu

      Cosmu is a Windows worm written in C++.

    • Cosmu family

    • Detects Cosmu payload

      Cosmu is a worm written in C++.

    • Renames multiple (4864) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.
