General

  • Target

    10a78e4dc952910a119e3d366dee4e39379c8dab7506552736be2455f4472dff

  • Size

    20KB

  • Sample

    250605-pjl3rsxms7

  • MD5

    2260b4a95da02e24ffdf81f4fed52930

  • SHA1

    b70a1b4bc407ee8cd7062c5b0812fd79e30111a8

  • SHA256

    10a78e4dc952910a119e3d366dee4e39379c8dab7506552736be2455f4472dff

  • SHA512

    4a21b8a86ff6eb39fdfcb8aed0483f77eff48505201a6d460df8ffc4e7a51036b618ffe3e51fa599218834f02a83402ba3769011811bb71addb524a093518ba7

  • SSDEEP

    384:gBt7Br5xjL9AgA71FbhvP/KWLsqmFae+rOAqmFae+rOiOZ2OZG:s7BlpppARFbhdLz8ae+rOn8ae+rOy

Targets

    • Cosmu

      Cosmu is a Windows worm written in C++.

    • Cosmu family

    • Detects Cosmu payload

      Cosmu is a worm written in C++.

    • Renames multiple (5265) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.
