General

  • Target

    50b7cb6c529df4482bb9450965f63cf67319f94bf3235b719dce4322f559590a

  • Size

    25KB

  • Sample

    250605-rh871sgk4s

  • MD5

    f1434d125dd0bd8793412c2206147ee6

  • SHA1

    5c0c82b9b24d861c09dc3d48c79273ef37ff4883

  • SHA256

    50b7cb6c529df4482bb9450965f63cf67319f94bf3235b719dce4322f559590a

  • SHA512

    dcb89cec5ab3488fde4e12e9fd4cf790b1bda9219acdefe1b871225b684a6c251947fa2be142f0c11ec84717ea7b1a21d693aa3f8fc34172e8a05d3c686ade39

  • SSDEEP

    768:s7BlpppARFbhdLz8ae+rOn8ae+rOWd0zKoKb:s7ZppApdIIBzHu

Targets

    • Target

      50b7cb6c529df4482bb9450965f63cf67319f94bf3235b719dce4322f559590a

    • Cosmu

      Cosmu is a Windows worm written in C++.

    • Cosmu family

    • Detects Cosmu payload

      Cosmu is a worm written in C++.

    • Renames multiple (5246) files with added filename extension

      This suggests ransomware activity, namely encrypting all the files on the system.
