General

  • Target

    f95b0afc984fc869eefeb78c1be64ad08912232ca81ba77d1ebbdd22c2daf439

  • Size

    73KB

  • Sample

    250605-pgqceaxly3

  • MD5

    e6d776ff35c02d661e39b57ad86a3557

  • SHA1

    c81feb9cd670d9d60e1c5716698459adf65edaee

  • SHA256

    f95b0afc984fc869eefeb78c1be64ad08912232ca81ba77d1ebbdd22c2daf439

  • SHA512

    d8963a722c5569fc835dbd1fd14cc2b903ca85473891fc0c75615fd1708c5f70b2ca6d5394d605d262b4bd9344f244796a389d3f794f704cfae52019494988db

  • SSDEEP

    1536:s7ZppApdII1grC35rtLgnTVoAUZY/ECGn6cmi8eey9Xhy9XZ:spWpT9InTVsZYFG6cZh0Z

Targets

    • Cosmu

      Cosmu is a Windows worm written in C++.

    • Cosmu family

    • Detects Cosmu payload

      Cosmu is a worm written in C++.

    • Renames multiple (5080) files with added filename extension

      This suggests ransomware activity, namely encrypting all the files on the system.
