General

  • Target

    07fbecf4d0b5edb9d0bd6291bd0cd1af77a595fe6fbe2d3bca6ae4c276f9f4cd

  • Size

    702KB

  • Sample

    250605-pg92tacj51

  • MD5

    a4e4ef2fe04fa2bc668219538331907f

  • SHA1

    4f9dce2e5bfa49ca98bf81c6101bf361576e5655

  • SHA256

    07fbecf4d0b5edb9d0bd6291bd0cd1af77a595fe6fbe2d3bca6ae4c276f9f4cd

  • SHA512

    44ea386782fc0a05302cc47f2d5dc1904aa1be0b423cf425f3833379c4eeaee993cf141ef683a37b9d71707f432cafdb3335530ab107f58312cb943d6c5e7eb7

  • SSDEEP

    3072:spWpP9yH3H4oViM19mMo4MNsdLGqap/3wLGqq:NvyXYgiY2+LGqQ/ALGqq

Targets

    • Cosmu

      Cosmu is a Windows worm written in C++.

    • Cosmu family

    • Detects Cosmu payload

      Cosmu is a worm written in C++.

    • Renames multiple (2798) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.
