General

  • Target

    7f823f289d5d9e86017b5f688c73a0f05bb2beb0d8be55ac296f82b345c0ee15

  • Size

    33KB

  • Sample

    250605-hd4bjabn4z

  • MD5

    18e33345f0bf7e8beda79a858c3ddb5f

  • SHA1

    15b88b28760bf380fc8d8847f70cc37aa940f4f9

  • SHA256

    7f823f289d5d9e86017b5f688c73a0f05bb2beb0d8be55ac296f82b345c0ee15

  • SHA512

    e9fee14fdd212b264be2b0ed6b3f336bf83c50d2c5b3606e0bb7135e06f90bab216fd85ae1d83cc735da28b26b52dfbd9fa1974354ae94642b753c40b979a63f

  • SSDEEP

    768:s7BlpppARFbhdLz8ae+rOn8ae+rOiBJ8vI8vN4j87edqdv87edqd5:s7ZppApdIIiBmvHvH05

Targets

    • Cosmu

      Cosmu is a Windows worm written in C++.

    • Cosmu family

    • Detects Cosmu payload

      Cosmu is a worm written in C++.

    • Renames multiple (5277) files with added filename extension

      This suggests ransomware activity, i.e. encrypting all the files on the system.
