General

  • Target

    c4c62759dcb6b5c01d124f162b5dc8e44f7a8aec0567cfd16c82f384d6c81a96

  • Size

    48KB

  • Sample

    250605-hff9satlv4

  • MD5

    f26cac3dc2ea91909001e5cd07243cdf

  • SHA1

    addf6232d59ea17a60e7018b326bf072dec1d287

  • SHA256

    c4c62759dcb6b5c01d124f162b5dc8e44f7a8aec0567cfd16c82f384d6c81a96

  • SHA512

    1cd6c76ea1da20b1b2b96eb7d2a38dc3f315b95e43afd9f14a7ccd4841de7382b0b8c999897ae0335298f852f754372bbeab68ab7a079d540f86a5ea72e94557

  • SSDEEP

    768:s7BlpppARFbhdLz8ae+rOn8ae+rOrZkZ/7LG0525Q:s7ZppApdII1Gr

Targets

    • Cosmu

      Cosmu is a Windows worm written in C++.

    • Cosmu family

    • Detects Cosmu payload

      Cosmu is a worm written in C++.

    • Renames multiple (5042) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.
