General

  • Target

    0d1afafaf0e075e73fd919a8ad4fe4074f96f14367c304122849355816dfd113

  • Size

    38KB

  • Sample

    250605-mcezrsdj3t

  • MD5

    ee59db35085e182debb1b480b49a9f4b

  • SHA1

    cbbc1d3f632a4b83c03d6020c7dd302be268b608

  • SHA256

    0d1afafaf0e075e73fd919a8ad4fe4074f96f14367c304122849355816dfd113

  • SHA512

    6475691457278fd9792a12c7b5165d59851e1c90a0fd995411b1cc509a337297a02ef763ea8eb1667324debbbd6ba69f04636e501863778165d3e7a0d14e371f

  • SSDEEP

    768:s7BlpppARFbhdLz8ae+rOn8ae+rO2aNQP+UDQvaE9:s7ZppApdIIJQP+UDQvaE9

Targets

    • Cosmu

      Cosmu is a Windows worm written in C++.

    • Cosmu family

    • Detects Cosmu payload

      Cosmu is a worm written in C++.

    • Renames multiple (5037) files with added filename extension

      This suggests ransomware activity that encrypts all the files on the system.
