General

  • Target

    24f2eb90845e42c7b83d4cc2d690e14e29881d033253741af02d9a10b768b94b

  • Size

    189KB

  • Sample

    250605-j89bpstygw

  • MD5

    cc8e433070ebf256f0eedc4cfd2d94e3

  • SHA1

    78d1cd0ecc0331b96de41e9f04666d300e233d10

  • SHA256

    24f2eb90845e42c7b83d4cc2d690e14e29881d033253741af02d9a10b768b94b

  • SHA512

    75a498572e825a1bb5ebdd50dcc85f269337ff6fdf588b89a543edfcb60dcf904c553b37e65be530bc6d5a751af5f17a5a47024a4a23ae1c4fdd946a94ddbec8

  • SSDEEP

    3072:spWpsBsqrNkMzN0mx7Sr6zBsqrNkMzN0mx7Sr6z:NWB9nPB9n/

Targets

    • Cosmu

      Cosmu is a Windows worm written in C++.

    • Cosmu family

    • Detects Cosmu payload

      Cosmu is a worm written in C++.

    • Renames multiple (4752) files with added filename extension

      This suggests ransomware activity, namely encrypting all the files on the system.
