General

  • Target

    7560a92a8a15348c936f0ca6bce72fbae5736f2ee0fdbf7bc555ebfaef3e78be

  • Size

    40KB

  • Sample

    250605-mdh3tav1ev

  • MD5

    a4ae2672115aab01c82d78ab69575116

  • SHA1

    c5c6a1e5795cb7c425fb875688e88c09d868c7b8

  • SHA256

    7560a92a8a15348c936f0ca6bce72fbae5736f2ee0fdbf7bc555ebfaef3e78be

  • SHA512

    d674f95938e4d106581facdd9a4c77acfce709f543845995c4a45300ec3404c25d853649700068798fb1ebf9deb699218f23951c57bcadcbab0f7f235bec8231

  • SSDEEP

    768:uZ4FLz8ae+rOn8ae+rOkDZ4FLz8ae+rOn8ae+rOk3ligi1xrligi1xk:uGII4GIIKAHXAH4

Malware Config

Targets

    • Cosmu

      Cosmu is a Windows worm written in C++.

    • Cosmu family

    • Detects Cosmu payload

      Cosmu is a worm written in C++.

    • Renames multiple (5262) files with added filename extension

      This suggests ransomware activity: the files across the system are being encrypted and renamed.

    • Executes dropped EXE

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v16

Tasks