General

  • Target

    2f86dcd676a76fe8425e12a15c2425422740658aadf91dab808d0f75318cbdb7

  • Size

    134KB

  • Sample

    250605-pjl3rsxms8

  • MD5

    dcf51cc577293389d6bfb7ad921596d5

  • SHA1

    35fbcea92c6c3988d44e4f980f6f16e3a9ccf032

  • SHA256

    2f86dcd676a76fe8425e12a15c2425422740658aadf91dab808d0f75318cbdb7

  • SHA512

    15dec3bf01d2edb77d05f2e24897cef4b7acf7b46633c9cf164283c9ac91a8c927332ddd035eb3e1166be32acfc3ae3e882cf5e72a6a5b929788e6f7f7a23629

  • SSDEEP

    3072:spWpT9InTVsZYFG6cZA9InTVsZYFG6cZO:N59InTVsZOG6OA9InTVsZOG6OO

Targets

    • Target

      2f86dcd676a76fe8425e12a15c2425422740658aadf91dab808d0f75318cbdb7

    • Cosmu

      Cosmu is a Windows worm written in C++.

    • Cosmu family

    • Detects Cosmu payload

      Cosmu is a worm written in C++.

    • Renames multiple (4857) files with added filename extension

      This suggests ransomware activity that encrypts all the files on the system.
