General

  • Target

    c307062cf39874a41a75195d0449661928b4e55e6b5504659fab2bc11aa33540

  • Size

    94KB

  • Sample

    250605-hc47fabn3x

  • MD5

    6e3d95ae01200601be0a5768268582e8

  • SHA1

    32b273e78ea0b12d44f88c97c4524b271cb07850

  • SHA256

    c307062cf39874a41a75195d0449661928b4e55e6b5504659fab2bc11aa33540

  • SHA512

    a53c17bc59560bd26b7caf8882f897a4dfcbe136432da5dd01b967521bf5af3d10c8bf92a2e4b0b6a49e1d343b810fab81c6a6f1337cd539fc938ab11afefe0d

  • SSDEEP

    768:s7BlpppARFbhdLz8ae+rOn8ae+rOrZkZ/7LG0525lZ4FLz8ae+rOn8ae+rOrZkZ+:s7ZppApdII1GQGII1G+

Targets

    • Cosmu

      Cosmu is a Windows worm written in C++.

    • Cosmu family

    • Detects Cosmu payload

      Cosmu is a worm written in C++.

    • Renames multiple (5042) files with added filename extension

      This suggests ransomware activity, in which all the files on the system are encrypted.
