General
-
Target
d49e17c4bbed99a1c29dc7fed015bcc7c7294068f9e40cb4aa65e6ae6ce68198
-
Size
21KB
-
Sample
250605-mdkawav1ey
-
MD5
6fc73191a1f7902ffa365d5120678138
-
SHA1
de2eb9e317d6bcf2b591c66d1a21f64b8f4082f5
-
SHA256
d49e17c4bbed99a1c29dc7fed015bcc7c7294068f9e40cb4aa65e6ae6ce68198
-
SHA512
469ff76436d6378598990c1f17fc7214043af52a765588ac37552426c22ae766218df34451667c68b4119444953eda18291bba032d75bec39c86fce46d9e98c1
-
SSDEEP
384:gBt7Br5xjL9AgA71FbhvP/KWLsqmFae+rOAqmFae+rODAL:s7BlpppARFbhdLz8ae+rOn8ae+rODAL
Behavioral task
behavioral1
Sample
d49e17c4bbed99a1c29dc7fed015bcc7c7294068f9e40cb4aa65e6ae6ce68198.exe
Resource
win10v2004-20250502-en
Behavioral task
behavioral2
Sample
d49e17c4bbed99a1c29dc7fed015bcc7c7294068f9e40cb4aa65e6ae6ce68198.exe
Resource
win11-20250502-en
Malware Config
Targets
-
-
Target
d49e17c4bbed99a1c29dc7fed015bcc7c7294068f9e40cb4aa65e6ae6ce68198
-
Score
10/10
-
Cosmu family
-
Detects Cosmu payload
Cosmu is a worm written in C++.
-
Renames multiple (5197) files with added filename extension
This suggests ransomware activity that encrypts all the files on the system.
-