General

  • Target

    c22750e90d23f513ef4afa7fae109c34afba64aff430b705c04a209880071c95

  • Size

    72KB

  • Sample

    250605-hbbhqsbm7x

  • MD5

    55ab765c2fd14821e21ec07465321266

  • SHA1

    a4d84f2b8c7781f1d5d86b6cd238320fabe2cc3b

  • SHA256

    c22750e90d23f513ef4afa7fae109c34afba64aff430b705c04a209880071c95

  • SHA512

    1101f8139fd60e510dc356e9fbe910f8bbe1212ea1b9b3b2ad9c88fc767e4ba1bc33af3e9f33492300cc4bdaba8cc75ae87251c8b466444e687b6c1730680fb3

  • SSDEEP

    1536:uGII1grC35rtLgnTVoAUZY/ECGn6cmi8eD:Z9InTVsZYFG6cZ/

Targets

    • Cosmu

      Cosmu is a Windows worm written in C++.

    • Cosmu family

    • Detects Cosmu payload

      Cosmu is a worm written in C++.

    • Renames multiple (5125) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.
