General

  • Target

    0b6abadb316df5e54327690342abc8d97bfb28666ce466de3abca4beeb2d8eed

  • Size

    39KB

  • Sample

    250605-j88p6svkv8

  • MD5

    ee395767f7a295eac97fa002d1135c99

  • SHA1

    6073194f262d11e0b8009daa95cde7e5f104b015

  • SHA256

    0b6abadb316df5e54327690342abc8d97bfb28666ce466de3abca4beeb2d8eed

  • SHA512

    39f4114d03746a63c719208b82e8d631c3be36f3d1556a8e61048b23e3d95d265e902a6bc860f1097d734c4f58628e01ae2dc94f263a0f13445d1252c18f6760

  • SSDEEP

    768:s7BlpppARFbhdLz8ae+rOn8ae+rOb83osGOUiuJtfosGOUiuJtTsMtfMrS:s7ZppApdIIC0zA0O

Targets

    • Cosmu

      Cosmu is a Windows worm written in C++.

    • Cosmu family

    • Detects Cosmu payload

      Cosmu is a worm written in C++.

    • Renames multiple (5202) files with added filename extension

      This suggests ransomware activity that encrypts all the files on the system.
