General

  • Target

    a16613d4bddcc357aa5532e63b8e59f0655ad03da8bd89daf0260dd0ab62ae01

  • Size

    20KB

  • Sample

    250605-hcwv3as1bw

  • MD5

    ac8871ee749156c2558e767a674c4319

  • SHA1

    1733f6f633e82c7d1e3efb724d4e361df9e6c0dd

  • SHA256

    a16613d4bddcc357aa5532e63b8e59f0655ad03da8bd89daf0260dd0ab62ae01

  • SHA512

    9c599768fc3df411f6c5e249422b19138f73cda34ef34a9fbdd8cf8334d0f308dac0bac093832d08cc3012620bbf07e1126e4a69f871f1274e409c89bed7512b

  • SSDEEP

    384:gBt7Br5xjL9AgA71FbhvP/KWLsqmFae+rOAqmFae+rOq:s7BlpppARFbhdLz8ae+rOn8ae+rOq

Targets

    • Target

      a16613d4bddcc357aa5532e63b8e59f0655ad03da8bd89daf0260dd0ab62ae01

    • Cosmu

      Cosmu is a Windows worm written in C++.

    • Cosmu family

    • Detects Cosmu payload

      Cosmu is a worm written in C++.

    • Renames multiple (5203) files with added filename extension

      This suggests ransomware activity that encrypts all the files on the system.
