General

  • Target

    51a044e2f519ac49fc454924eaf01451ea7102a4c7a04713a2791ef6ebaa8b5b

  • Size

    44KB

  • Sample

    250605-hdjl5atls8

  • MD5

    ed130ca8e726468dfd15200285f3b40f

  • SHA1

    7874ba910f280b6e6dc0b871756451f992d0d395

  • SHA256

    51a044e2f519ac49fc454924eaf01451ea7102a4c7a04713a2791ef6ebaa8b5b

  • SHA512

    4d95d6d65b5f711520852bf0a3a29dc28f7d11249cd9495631a6a5b3a9a25530e8d643097e02ca2e60e9e993843b17f1bc8acc6b446d9a1bb7125392ec2bd135

  • SSDEEP

    768:s7BlpppARFbhdLz8ae+rOn8ae+rOrZkZ/7LG8vWPaPvWPaD:s7ZppApdII1Ghvbvv

Targets

    • Cosmu

      Cosmu is a Windows worm written in C++.

    • Cosmu family

    • Detects Cosmu payload

      Cosmu is a worm written in C++.

    • Renames multiple (5031) files with added filename extension

      This suggests ransomware activity, namely encrypting all the files on the system.
