General

  • Target

    df7e270b2244bc5dd8f985f097c34d20e97aef5af02e74f3e9d81d338bce964d

  • Size

    99KB

  • Sample

    250605-hcaylabm9w

  • MD5

    573f0e9dfec4322876053f0d03c76e0e

  • SHA1

    6a1b5052807b7b67f751fedc8e6baf09bc7a9859

  • SHA256

    df7e270b2244bc5dd8f985f097c34d20e97aef5af02e74f3e9d81d338bce964d

  • SHA512

    4e4109c1496e566bc14d162c95b4659399a0eeb1e4b4fab3657f3ca16becf10cdf71ee7516e1a7be7e962c0b0eb80cd21955fbec1293828e6cfa46872739f548

  • SSDEEP

    1536:s7ZppApdIIyBoLqrNkW1zN0m0lG1tETSA6YmImFNUibo+h:spWpsBsqrNkMzN0mx7Sr6x

Targets

    • Cosmu

      Cosmu is a Windows worm written in C++.

    • Cosmu family

    • Detects Cosmu payload

      Cosmu is a worm written in C++.

    • Renames multiple (5030) files with added filename extension

      This suggests ransomware activity that encrypts all the files on the system.
