General

  • Target

    698dcaf2876edaf721273de698089398d2740d9403c8ff6552f0035195f573f5

  • Size

    43KB

  • Sample

    250605-mdsbgswlv5

  • MD5

    d94d7c736e18d0698e4e26e3418836c1

  • SHA1

    253f19e3d76f1e77f1b5e529f74a268f9c8d2514

  • SHA256

    698dcaf2876edaf721273de698089398d2740d9403c8ff6552f0035195f573f5

  • SHA512

    9f3f1bc964084d5d3c7bdddac7ef7b8f0daad588e73dd8cc34c9c6827857e96237c3baa6239ef1e8dbdf50915b9d0731cad8e0c8666efd472ce4632f54e1b7fd

  • SSDEEP

    384:hAg+5OCZ4W6/KWLsqmFae+rOAqmFae+rOYE/AE/DZKNZKy7LzizuFpUuFpU2:uZ4FLz8ae+rOn8ae+rOrZkZ/7LGBN2

Targets

    • Cosmu

      Cosmu is a Windows worm written in C++.

    • Cosmu family

    • Detects Cosmu payload

      Cosmu is a worm written in C++.

    • Renames multiple (5207) files with added filename extension

      This suggests ransomware activity, encrypting all the files on the system.
