General

  • Target

    35d9cfb50e9de7ffa0bcc5b24677062e08f516e0264694c6b6910253cd4211e9

  • Size

    86KB

  • Sample

    250605-mdpkladj5w

  • MD5

    b6db4a0526192b53e45260e2b4d54b45

  • SHA1

    04c886b67c070fd01c7967297cec86dd7825eda9

  • SHA256

    35d9cfb50e9de7ffa0bcc5b24677062e08f516e0264694c6b6910253cd4211e9

  • SHA512

    9df1565eb2d658d72eef331d942bc528b5156bece041759c6051a0a651572ab259a146f7d2c68f07eccec5067eefacf788e3411c19541560672e3fa392c3b57b

  • SSDEEP

    1536:uGIIxgrC35rtLVja0tzmAjUHjkja0tzmAjUHjtuC6mgoZeyi7idsy:N9g8mgoZRi7idsy

Targets

    • Cosmu

      Cosmu is a Windows worm written in C++.

    • Cosmu family

    • Detects Cosmu payload

      Cosmu is a worm written in C++.

    • Renames multiple (5030) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.
