General
-
Target
0d1afafaf0e075e73fd919a8ad4fe4074f96f14367c304122849355816dfd113
-
Size
38KB
-
Sample
250605-mcezrsdj3t
-
MD5
ee59db35085e182debb1b480b49a9f4b
-
SHA1
cbbc1d3f632a4b83c03d6020c7dd302be268b608
-
SHA256
0d1afafaf0e075e73fd919a8ad4fe4074f96f14367c304122849355816dfd113
-
SHA512
6475691457278fd9792a12c7b5165d59851e1c90a0fd995411b1cc509a337297a02ef763ea8eb1667324debbbd6ba69f04636e501863778165d3e7a0d14e371f
-
SSDEEP
768:s7BlpppARFbhdLz8ae+rOn8ae+rO2aNQP+UDQvaE9:s7ZppApdIIJQP+UDQvaE9
Behavioral task
behavioral1
Sample
0d1afafaf0e075e73fd919a8ad4fe4074f96f14367c304122849355816dfd113.exe
Resource
win10v2004-20250502-en
Malware Config
Targets
-
-
Target
0d1afafaf0e075e73fd919a8ad4fe4074f96f14367c304122849355816dfd113
-
Score
10/10
-
Cosmu family
-
Detects Cosmu payload
Cosmu is a worm written in C++.
-
Renames multiple (5037) files with added filename extension
This suggests ransomware activity, i.e. encryption of all the files on the system.
-