General

  • Target

    ed3aceeb406009d982289051f8b4315b6288b364f374c7a0fc1c3fb97dd36c4a

  • Size

    75KB

  • Sample

    250605-mcflasdj3x

  • MD5

    125fa4f98c542401946f09f94b5cf8fc

  • SHA1

    4a54491e71ec4067cebc15a36447c5c460ee58c9

  • SHA256

    ed3aceeb406009d982289051f8b4315b6288b364f374c7a0fc1c3fb97dd36c4a

  • SHA512

    649eb71651ac3f50e9bc1cad97d0c782b18dbc953e3ee8b4886cc447ade1f3b3719f22d8b888150fba3c8e9e1091851aac07494eda07d8e60a5c270fa4405df5

  • SSDEEP

    768:uZ4FLz8ae+rOn8ae+rOrZkZ/7LGvZ4FLz8ae+rOn8ae+rOrZkZ/7LGP:uGII1GoGII1G2

Malware Config

Targets

    • Cosmu

      Cosmu is a Windows worm written in C++.

    • Cosmu family

    • Detects Cosmu payload

      Cosmu is a worm written in C++.

    • Renames multiple (5123) files with added filename extension

      This suggests ransomware activity, i.e. encrypting all the files on the system.

    • Executes dropped EXE

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v16

Tasks