General
-
Target
275c7ad37936bc8c7021cf9a65806f0c51eded9f30d5ac152c18cedaa7836600
-
Size
46KB
-
Sample
250605-kahxjatyhv
-
MD5
a2e0c6bd03184ab276a3f34a885271d1
-
SHA1
e21357e95849e06feb00483bb7dd8df9403da538
-
SHA256
275c7ad37936bc8c7021cf9a65806f0c51eded9f30d5ac152c18cedaa7836600
-
SHA512
6594664f486fae796e5e944271f3841e35394040bad539b10c0a835fd93ca3411136d9dd3d3e0f289ac7402cf55a347f0332ed8a1e7f77826de28cae906458ed
-
SSDEEP
768:uZ4FLz8ae+rOn8ae+rOx6563Z4FLz8ae+rOn8ae+rOx656vltlE:uGII0M3GII0MvvC
Static task
static1
Behavioral task
behavioral1
Sample
275c7ad37936bc8c7021cf9a65806f0c51eded9f30d5ac152c18cedaa7836600.exe
Resource
win10v2004-20250502-en
Behavioral task
behavioral2
Sample
275c7ad37936bc8c7021cf9a65806f0c51eded9f30d5ac152c18cedaa7836600.exe
Resource
win11-20250502-en
Malware Config
Targets
Target
275c7ad37936bc8c7021cf9a65806f0c51eded9f30d5ac152c18cedaa7836600
-
Score
10/10
-
Cosmu family
-
Detects Cosmu payload
Cosmu is a worm written in C++.
-
Renames multiple (5248) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Executes dropped EXE
-
Drops file in System32 directory
-