General

  • Target

    4aeeb97b42988bf09747f6196a200f5ffc3a7226a4598a6ea9f563c388e4264a

  • Size

    50KB

  • Sample

    250605-rh17eayny3

  • MD5

    ec99985088c362e33fbe44775b023823

  • SHA1

    6d9977f6e609695eb686f4f0f7b9a3a9e6bcbb33

  • SHA256

    4aeeb97b42988bf09747f6196a200f5ffc3a7226a4598a6ea9f563c388e4264a

  • SHA512

    9c5af42fe13cf99e736ce88cebeb6e30edb8178f0370eaa24b150d032f39d8de0bb655120a9f5071587a5f28e27f7014afe611dd42cbe78a409f0cdfafb197e4

  • SSDEEP

    768:s7BlpppARFbhdLz8ae+rOn8ae+rOx656tAZ4FLz8ae+rOn8ae+rOx656tBGUNGUg:s7ZppApdII0M2GII0MuF

Targets

    • Target

      4aeeb97b42988bf09747f6196a200f5ffc3a7226a4598a6ea9f563c388e4264a

    • Cosmu

      Cosmu is a Windows worm written in C++.

    • Cosmu family

    • Detects Cosmu payload

      Cosmu is a worm written in C++.

    • Renames multiple (5134) files with added filename extension

      This suggests ransomware activity that encrypts all the files on the system.
