General

  • Target

    922d8aef8081d666f0d65dee9990a180e4ca102bcaf0215e31edc7ffaba8d648

  • Size

    103KB

  • Sample

    250605-qdmb1sdr8x

  • MD5

    e69589355cf7f04024d2bc03bed60235

  • SHA1

    34f64fe90d7d88fc64fc5ec5c19aa0f97361603b

  • SHA256

    922d8aef8081d666f0d65dee9990a180e4ca102bcaf0215e31edc7ffaba8d648

  • SHA512

    53cdb8f8fc68db016ee6d892b5dc3da634987cfb99d938991483731800a1bc4dfca72ea3fe2c6789c9e466411f1979c7deee02038a961508fe85be44f329fe95

  • SSDEEP

    1536:s7ZppApdIIyBoLqrNkW1zN0m0lG1tETSA6FLtOJMBb:spWpsBsqrNkMzN0mx7Sr6Rp

Targets

    • Cosmu

      Cosmu is a Windows worm written in C++.

    • Cosmu family

    • Detects Cosmu payload

      Cosmu is a worm written in C++.

    • Renames multiple (4875) files with added filename extension

      This suggests ransomware activity, namely encryption of all the files on the system.
