General

  • Target

    31359b78ab8515598ad7d768ce325d634f885a8950e78cd5af9a411c10d41499

  • Size

    39KB

  • Sample

    250605-pjnxcsxmt3

  • MD5

    bc470ed5c0992f6debe01f730019f564

  • SHA1

    6d12f8129a131914369679bada1dfde485be0c96

  • SHA256

    31359b78ab8515598ad7d768ce325d634f885a8950e78cd5af9a411c10d41499

  • SHA512

    51e028e068efe822dc64a43e5d2ae13ca0ea553b55f097057afa558700c8326a9cccb75c24fd98d288f661a771bd36f1535ff01d3860806dc23072048107ce92

  • SSDEEP

    768:s7BlpppARFbhdLz8ae+rOn8ae+rO2aNQP+UDQvSJwsJw1:s7ZppApdIIJQP+UDQvSJwsJw1

Targets

    • Cosmu

      Cosmu is a Windows worm written in C++.

    • Cosmu family

    • Detects Cosmu payload

      Cosmu is a worm written in C++.

    • Renames multiple (5201) files with added filename extension

      This suggests ransomware activity that encrypts all the files on the system.
