General

  • Target

    f167113b5a76cd046556f5980afe35bd7f9ee202d244ffa353a75341e12a54d2

  • Size

    24KB

  • Sample

    250605-mcbmcadj2v

  • MD5

    68de0868c15b8c44e80f61104821bd5f

  • SHA1

    5c2c69504a81bbcdbee827f8794f015cb92c5295

  • SHA256

    f167113b5a76cd046556f5980afe35bd7f9ee202d244ffa353a75341e12a54d2

  • SHA512

    5ab8b9eb989a5b93c6a0c3d0863204b26115da4e46d70f617e91f45b0b306ec1def8fb9234512b5df3c90837d7018e266eff6f2ab912a1c449dbbe96ca9cba60

  • SSDEEP

    384:gBt7Br5xjL9AgA71FbhvP/KWLsqmFae+rOAqmFae+rOiOZ2OZW0i90in:s7BlpppARFbhdLz8ae+rOn8ae+rOWdn

Malware Config

Targets

    • Cosmu

      Cosmu is a Windows worm written in C++.

    • Cosmu family

    • Detects Cosmu payload

      Cosmu is a worm written in C++.

    • Renames multiple (5031) files with added filename extension

      This suggests ransomware activity that encrypts all the files on the system.

MITRE ATT&CK Enterprise v16

Tasks