General

  • Target

    2c78cf218cf778918330a2afec4bf88fcb18387792c64ee3d0def4aee92f5733

  • Size

    20KB

  • Sample

    250605-pg2ensxlz7

  • MD5

    57b875f81afc4778c0ae1e316d60d021

  • SHA1

    9eb9e20dafab6bb2b62db71747d9d2b00e2c9663

  • SHA256

    2c78cf218cf778918330a2afec4bf88fcb18387792c64ee3d0def4aee92f5733

  • SHA512

    d19bff39ef8e19522c60b7971d73f2b47e79300e2cd093109766ef18531f65b511f09de6dd0ae8fe033a39c479c3936ca7f5b0d22d286d6ec3c5273d9063372b

  • SSDEEP

    384:hAg+5OCZ4W6/KWLsqmFae+rOAqmFae+rOfiikTTiikTT:uZ4FLz8ae+rOn8ae+rOWTqTT

Targets

    • Cosmu

      Cosmu is a Windows worm written in C++.

    • Cosmu family

    • Detects Cosmu payload

      Cosmu is a worm written in C++.

    • Renames multiple (5278) files with added filename extension

      This suggests ransomware activity that encrypts all the files on the system.
