General

  • Target

    0728d70cc6ab71816d3fb91b43d694f843493291b7701acfb707f4cdae51b30e

  • Size

    18KB

  • Sample

    250605-pgqm6sxly5

  • MD5

    7fdc4646d6d8c2518f0a320ed391bfc5

  • SHA1

    5b80b336fab63a8ac9cf8e6f4ac99413c31b89bc

  • SHA256

    0728d70cc6ab71816d3fb91b43d694f843493291b7701acfb707f4cdae51b30e

  • SHA512

    0b374f6a485aaa6eecb5ade0447c7c4799b6b6947ece0c9d914af72bb828294f4a369747b85d9a1d91c251bbe45b9268fa2e40abf7c3a4da953a3c934059332e

  • SSDEEP

    384:hAg+5OCZ4W6/KWLsqmFae+rOAqmFae+rOewAJAJEOgVwAJAJEOgr:uZ4FLz8ae+rOn8ae+rOyJAJExFJAJExr

Targets

    • Cosmu

      Cosmu is a Windows worm written in C++.

    • Cosmu family

    • Detects Cosmu payload

      Cosmu is a worm written in C++.

    • Renames multiple (5132) files with added filename extension

      This suggests ransomware activity that encrypts all the files on the system.
