General

  • Target

    141ead4ee42ac5aea06601ca35a981af109baf11dee3b8d7bc25b88a47ecdba9

  • Size

    84KB

  • Sample

    250605-pjf7hsxl15

  • MD5

    f981bf58885f4a9fb7f30e40e9a6fbbb

  • SHA1

    3631e7672421c9e9c16abf8ea6c02d48e8e9f18a

  • SHA256

    141ead4ee42ac5aea06601ca35a981af109baf11dee3b8d7bc25b88a47ecdba9

  • SHA512

    b2a75a3ae9d755525a2ddde0d18b14bb7967c9249ec1039dffe1a920464f0c16608d193a98e804df2e3d7f651c25f7eeedcc6c8f0fd8452d065c65b9aa8a9479

  • SSDEEP

    1536:s7ZppApdII1grC35rtLgnTVoAUZY/ECGn6cmi8eEXcBxOBxIFR:spWpT9InTVsZYFG6cZxnOnIFR

Targets

    • Cosmu

      Cosmu is a Windows worm written in C++.

    • Cosmu family

    • Detects Cosmu payload

      Cosmu is a worm written in C++.

    • Renames multiple (5031) files with added filename extension

      This suggests ransomware activity that encrypts all the files on the system.
