General

  • Target

    80825fe18fea17914921def6c5b93cd4fd47139371c448eea8b3c240430f4100

  • Size

    33KB

  • Sample

    250605-hcmx6abn3v

  • MD5

    76ff69c574d60a3b387b869a2d55870a

  • SHA1

    41afa0ef34fa0d21ecb86c85264dadc4cd005434

  • SHA256

    80825fe18fea17914921def6c5b93cd4fd47139371c448eea8b3c240430f4100

  • SHA512

    00d25e5956a16e357edba44fb76db3d89eafb8ae918b2eb31393055a11951e1126de14a6894c68b34a214a8772cbd36db95d219d2451aaa7a92f7ea0b3233a7a

  • SSDEEP

    768:s7BlpppARFbhdLz8ae+rOn8ae+rO44Ph4PW:s7ZppApdII4eheW

Targets

    • Cosmu

      Cosmu is a Windows worm written in C++.

    • Cosmu family

    • Detects Cosmu payload

      Cosmu is a worm written in C++.

    • Renames multiple (5268) files with added filename extension

      This suggests ransomware activity that encrypts all the files on the system.
