General
-
Target
ebc22a96186d5c99773b2bd0dab3a260d5ab2ae6a958b818d3e63eda59df077c
-
Size
32KB
-
Sample
250605-mb62vswls5
-
MD5
015dc40aa6e9affff3eb5fca91970d15
-
SHA1
06482338145b26b35ea7dd57096831991f54be5b
-
SHA256
ebc22a96186d5c99773b2bd0dab3a260d5ab2ae6a958b818d3e63eda59df077c
-
SHA512
b60a81533c331cc4b92fc76310728253c5e1b2a38e24613d608c984c17ed198155f453f99ae58f88c16f8ab8ef87350f964928b5ec5315d2bfe3706d8f1bf86b
-
SSDEEP
384:hAg+5OCZ4W6/KWLsqmFae+rOAqmFae+rOr9NNV5H/V36aNQP+OKGDw9ce9cT:uZ4FLz8ae+rOn8ae+rO2aNQP+UDQve
Static task
static1
Behavioral task
behavioral1
Sample
ebc22a96186d5c99773b2bd0dab3a260d5ab2ae6a958b818d3e63eda59df077c.exe
Resource
win10v2004-20250502-en
Behavioral task
behavioral2
Sample
ebc22a96186d5c99773b2bd0dab3a260d5ab2ae6a958b818d3e63eda59df077c.exe
Resource
win11-20250502-en
Malware Config
Targets
-
Target
ebc22a96186d5c99773b2bd0dab3a260d5ab2ae6a958b818d3e63eda59df077c
-
Score
10/10
-
Cosmu family
-
Detects Cosmu payload
Cosmu is a worm written in C++.
-
Renames multiple (5197) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-