General

  • Target

    6d603198b881a83e2d4908e309a2d6f2f5709aaa760766f221f9474c01367b02

  • Size

    281KB

  • Sample

    250605-j89mgavkv9

  • MD5

    3a85e8a4af518aa58cc7891ee95db231

  • SHA1

    df0bae9ae511225ec962aeca1fcf0b3748b37f00

  • SHA256

    6d603198b881a83e2d4908e309a2d6f2f5709aaa760766f221f9474c01367b02

  • SHA512

    3f825f1033b50d7837ac374280dc6e6e427afe0edf36ad684ac75a8828356e20d41bf48b0483c2e3fd3028d77df3f6996e2c158c41d90b96d4338b2ae4831b80

  • SSDEEP

    768:s7BlpppARFbhdLz8ae+rOn8ae+rOb83osGOUiuJtfosGOUiuJt5:s7ZppApdIIC0E

Targets

    • Cosmu

      Cosmu is a Windows worm written in C++.

    • Cosmu family

    • Detects Cosmu payload

      Cosmu is a worm written in C++.

    • Renames multiple (4593) files with added filename extension

      This suggests ransomware activity, namely encrypting all the files on the system.