General

  • Target

    a7ab698794d30b1692f5ce1c9422185faf9c2c376ea76f639ffb4c8ff9a79616

  • Size

    22KB

  • Sample

    250605-hz4jestm12

  • MD5

    098e8ad5b6f228afe7a29e5e38081924

  • SHA1

    da6e93ddaa5243af2186899e0363fd571fae577e

  • SHA256

    a7ab698794d30b1692f5ce1c9422185faf9c2c376ea76f639ffb4c8ff9a79616

  • SHA512

    f0d84350c91613aba428078c75b8ab17d2338e2585a925719124000ddfeb9949f55c1721d4e7baa68a729b8860a2c7307cb6de43c0e9acb79926791df53b3c2e

  • SSDEEP

    384:hAg+5OCZ4W6/KWLsqmFae+rOAqmFae+rOb84sAsvosGOUiuJtfosGOUiuJtqx:uZ4FLz8ae+rOn8ae+rOb83osGOUiuJtv

Targets

    • Target

      a7ab698794d30b1692f5ce1c9422185faf9c2c376ea76f639ffb4c8ff9a79616

    • Cosmu

      Cosmu is a Windows worm written in C++.

    • Cosmu family

    • Detects Cosmu payload

      Cosmu is a worm written in C++.

    • Renames multiple (5207) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.
