General

  • Target

    275c7ad37936bc8c7021cf9a65806f0c51eded9f30d5ac152c18cedaa7836600

  • Size

    46KB

  • Sample

    250605-kahxjatyhv

  • MD5

    a2e0c6bd03184ab276a3f34a885271d1

  • SHA1

    e21357e95849e06feb00483bb7dd8df9403da538

  • SHA256

    275c7ad37936bc8c7021cf9a65806f0c51eded9f30d5ac152c18cedaa7836600

  • SHA512

    6594664f486fae796e5e944271f3841e35394040bad539b10c0a835fd93ca3411136d9dd3d3e0f289ac7402cf55a347f0332ed8a1e7f77826de28cae906458ed

  • SSDEEP

    768:uZ4FLz8ae+rOn8ae+rOx6563Z4FLz8ae+rOn8ae+rOx656vltlE:uGII0M3GII0MvvC
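
The hashes above are the handle for this sample; before analysing a local copy, confirm it is the same file. The script below is an added example, not part of the sandbox report, and assumes nothing beyond Python's standard library: it reads the file once, feeds every chunk to all four digests, and compares them case-insensitively against the values listed in the report. Only the SHA-256 comparison is treated as establishing identity, since MD5 and SHA-1 are collision-prone and survive here only to cross-reference feeds that still key on them.

```python
import hashlib
from typing import BinaryIO, Dict, Union

# Digests copied from the report above.
REPORT_HASHES: Dict[str, str] = {
    "md5": "a2e0c6bd03184ab276a3f34a885271d1",
    "sha1": "e21357e95849e06feb00483bb7dd8df9403da538",
    "sha256": "275c7ad37936bc8c7021cf9a65806f0c51eded9f30d5ac152c18cedaa7836600",
    "sha512": "6594664f486fae796e5e944271f3841e35394040bad539b10c0a835fd93ca341"
              "1136d9dd3d3e0f289ac7402cf55a347f0332ed8a1e7f77826de28cae906458ed",
}

ALGOS = ("md5", "sha1", "sha256", "sha512")


def multi_digest(src: Union[bytes, BinaryIO], chunk_size: int = 1 << 16) -> Dict[str, str]:
    """Hash the input once, feeding each chunk to all four digests, so a large
    sample is read from disk a single time. Accepts raw bytes or a binary stream."""
    hashers = {name: hashlib.new(name) for name in ALGOS}
    if isinstance(src, (bytes, bytearray)):
        chunks = [bytes(src)]
    else:
        chunks = iter(lambda: src.read(chunk_size), b"")
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify(src: Union[bytes, BinaryIO], expected: Dict[str, str]) -> Dict[str, bool]:
    """Compare computed digests with the expected ones, ignoring case and
    surrounding whitespace (report pages are often copied with both)."""
    got = multi_digest(src)
    return {name: got[name] == digest.strip().lower() for name, digest in expected.items()}


def is_reported_sample(path: str, expected: Dict[str, str] = REPORT_HASHES) -> bool:
    """True only when the file at `path` matches the report's SHA-256; MD5 and
    SHA-1 agreement on its own is not accepted as proof of identity."""
    with open(path, "rb") as f:
        return verify(f, expected)["sha256"]
```

Usage: `is_reported_sample("sample.bin")` returns True for a copy of this sample and False otherwise; `verify(open("sample.bin", "rb"), REPORT_HASHES)` shows which individual digests agree, which is useful when a feed lists only an MD5 or SHA-1.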

Malware Config

Targets

    • Target

      275c7ad37936bc8c7021cf9a65806f0c51eded9f30d5ac152c18cedaa7836600

    • Size

      46KB

    • MD5

      a2e0c6bd03184ab276a3f34a885271d1

    • SHA1

      e21357e95849e06feb00483bb7dd8df9403da538

    • SHA256

      275c7ad37936bc8c7021cf9a65806f0c51eded9f30d5ac152c18cedaa7836600

    • SHA512

      6594664f486fae796e5e944271f3841e35394040bad539b10c0a835fd93ca3411136d9dd3d3e0f289ac7402cf55a347f0332ed8a1e7f77826de28cae906458ed

    • SSDEEP

      768:uZ4FLz8ae+rOn8ae+rOx6563Z4FLz8ae+rOn8ae+rOx656vltlE:uGII0M3GII0MvvC

    • Cosmu

      Cosmu is a Windows worm written in C++.

    • Cosmu family

    • Detects Cosmu payload

      Cosmu is a worm written in C++.

    • Renames multiple (5248) files with added filename extension

      This is a generic heuristic for ransomware-style activity (bulk encryption of files on the system). It keys on the rename pattern alone, so confirming that the files were actually encrypted still requires inspecting their contents.

    • Executes dropped EXE

    • Drops file in System32 directory
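
The three behavioural signatures above (mass rename with an added extension, a file dropped under System32, and execution of a file the sample itself wrote) are all simple rules over the sandbox's file and process event stream. The code below is an added example, not the sandbox's own signature engine, and the event format, the rename threshold, and the sample log it runs on are constructed for illustration (the `.enc` extension in the log is made up, not one observed for this sample). It shows what each rule actually keys on, including the cases that must not fire: a rename that changes the file's stem, and execution of a pre-existing system binary.

```python
from collections import Counter
from dataclasses import dataclass
from typing import Dict, Iterable, List, Tuple

SYSTEM32 = "c:\\windows\\system32\\"


@dataclass(frozen=True)
class Event:
    """One sandbox event. Format is assumed for this example: op is
    'write' (file created/modified), 'rename', or 'exec' (process start)."""
    pid: int
    op: str
    path: str
    new_path: str = ""  # only used by 'rename'


def _norm(p: str) -> str:
    return p.replace("/", "\\").lower()


def renames_with_added_extension(events: Iterable[Event], threshold: int = 50) -> Tuple[bool, int, Counter]:
    """'Renames multiple files with added filename extension': count renames whose
    new name is exactly the old name plus one more '.ext'. The rule looks only at
    names, so it cannot tell encryption from a worm merely tagging files."""
    exts: Counter = Counter()
    for ev in events:
        if ev.op != "rename":
            continue
        old, new = _norm(ev.path), _norm(ev.new_path)
        if len(new) > len(old) + 1 and new.startswith(old) and new[len(old)] == ".":
            exts[new[len(old):]] += 1
    total = sum(exts.values())
    return total >= threshold, total, exts


def drops_in_system32(events: Iterable[Event]) -> List[str]:
    """'Drops file in System32 directory': any write landing under System32."""
    return [ev.path for ev in events if ev.op == "write" and _norm(ev.path).startswith(SYSTEM32)]


def executes_dropped_exe(events: Iterable[Event]) -> List[str]:
    """'Executes dropped EXE': an .exe started only after an earlier event wrote it.
    Order matters, so this is a single forward pass over the stream."""
    dropped, hits = set(), []
    for ev in events:
        p = _norm(ev.path)
        if ev.op == "write":
            dropped.add(p)
        elif ev.op == "exec" and p.endswith(".exe") and p in dropped:
            hits.append(ev.path)
    return hits


def run_signatures(events: List[Event]) -> Dict[str, object]:
    fired, count, exts = renames_with_added_extension(events)
    return {
        "renames_with_added_extension": fired,
        "rename_count": count,
        "rename_extensions": dict(exts),
        "drops_file_in_system32": drops_in_system32(events),
        "executes_dropped_exe": executes_dropped_exe(events),
    }


def constructed_events() -> List[Event]:
    """Constructed log for the example; these are not events recorded for this sample."""
    evs = [
        Event(1000, "write", r"C:\Windows\System32\dropped.exe"),
        Event(1000, "exec", r"C:\Windows\System32\dropped.exe"),
    ]
    for i in range(60):
        src = rf"C:\Users\victim\Documents\report{i}.docx"
        evs.append(Event(1000, "rename", src, src + ".enc"))
    # A rename that changes the stem must not count toward the extension rule.
    evs.append(Event(1000, "rename", r"C:\Users\victim\a.txt", r"C:\Users\victim\b.txt"))
    # Running a binary the sample never wrote is not 'executes dropped EXE'.
    evs.append(Event(1000, "exec", r"C:\Windows\System32\cmd.exe"))
    return evs


if __name__ == "__main__":
    for name, result in run_signatures(constructed_events()).items():
        print(f"{name}: {result}")
```

The rename rule returns the per-extension counter as well as the verdict; in a real report the dominant extension is the first thing to pivot on, and a mix of many different extensions usually points at something other than ransomware.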

MITRE ATT&CK Enterprise v16

Tasks