General
-
Target
25e51be35cebae5ab4fa076a49f5af7fcd32b1fe26e9177c5dd16b18c8dbb373
-
Size
46KB
-
Sample
250605-pgqyyaxly7
-
MD5
bf9ba01281f2a071ec311719d8059960
-
SHA1
43372a75088c92f97e2ab6de376510d8b9764bd1
-
SHA256
25e51be35cebae5ab4fa076a49f5af7fcd32b1fe26e9177c5dd16b18c8dbb373
-
SHA512
058a83187fd1eac32a37f76700fde6091c54d9243c5af42bfc142a87986d43b3e00d6f03436661580ed5c238b3ae9330d579309cc3a0d244be6ed3aaab7aed73
-
SSDEEP
768:uZ4FLz8ae+rOn8ae+rOx656rZ4FLz8ae+rOn8ae+rOx656ma+aS:uGII0MrGII0Mma+aS
Static task
static1
Behavioral task
behavioral1
Sample
25e51be35cebae5ab4fa076a49f5af7fcd32b1fe26e9177c5dd16b18c8dbb373.exe
Resource
win10v2004-20250502-en
Behavioral task
behavioral2
Sample
25e51be35cebae5ab4fa076a49f5af7fcd32b1fe26e9177c5dd16b18c8dbb373.exe
Resource
win11-20250502-en
Malware Config
Targets
-
-
Target
25e51be35cebae5ab4fa076a49f5af7fcd32b1fe26e9177c5dd16b18c8dbb373
Score
10/10
-
Cosmu family
-
Detects Cosmu payload
Cosmu is a worm written in C++.
-
Renames multiple (5264) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Executes dropped EXE
-
Drops file in System32 directory
-