General

  • Target

    96686824ff7bbde8baf17271fabbadaac31e97197bae0631ce8f87976d82c02d

  • Size

    24KB

  • Sample

    250605-qdk4ysdr7y

  • MD5

    d7d489dd3fd655bd42deb920c9d72a43

  • SHA1

    ff5e6551e7910365ef0f0aa5b9fd74c68e00523b

  • SHA256

    96686824ff7bbde8baf17271fabbadaac31e97197bae0631ce8f87976d82c02d

  • SHA512

    43ef32ab55dcb8a6eb2d771c545e0692698ee8e33d7162052315d96b45ce781cf6c150041ff84023755985dddee2f6eb4e816f26b0e6677573e6aed6eb571c70

  • SSDEEP

    768:s7BlpppARFbhdLz8ae+rOn8ae+rOb83osGOUiuJtfosGOUiuJtv:s7ZppApdIIC0e

Targets

    • Cosmu

      Cosmu is a Windows worm written in C++.

    • Cosmu family

    • Detects Cosmu payload

      Cosmu is a worm written in C++.

    • Renames multiple (5015) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.
