General

  • Target

    38f23d6fe7c1c9ec132badc1f0141e9263fa213a78483f60310688a450a77b8a

  • Size

    40KB

  • Sample

    250605-hck4kabn2z

  • MD5

    38cc16f2f73fdc5970310f6138a2d359

  • SHA1

    efd3677401cc9834f89cf17b247d7cb030a69723

  • SHA256

    38f23d6fe7c1c9ec132badc1f0141e9263fa213a78483f60310688a450a77b8a

  • SHA512

    f596cfed9b31e48c84ff5ca6a224af48c2cb1a4a9a4de57d1913de38a9b8a9c7791612f7afa4cff9e02efc03de2cf3c32f06cbab51cf8ad51b3c5313891f6f94

  • SSDEEP

    768:s7BlpppARFbhdLz8ae+rOn8ae+rOiBJ8vI8vN4VZO+WJ2H2jM:s7ZppApdIIiBmvHvOH1

Targets

    • Cosmu

      Cosmu is a Windows worm written in C++.

    • Cosmu family

    • Detects Cosmu payload

      Cosmu is a worm written in C++.

    • Renames multiple (5197) files with added filename extension

      This suggests ransomware activity, i.e. encrypting all the files on the system.
