General
Target: 36ebf098f87ff1d85cc3f458af48005f6719a185bd9281ad96d5f89e045c79e0
Size: 111KB
Sample: 250605-rhtsbsgk2s
MD5: 455f1059ed1d13ddb1f96fca497dd5d2
SHA1: 429625b629e4627a0b49bf2caddf067d0bfe7678
SHA256: 36ebf098f87ff1d85cc3f458af48005f6719a185bd9281ad96d5f89e045c79e0
SHA512: fd0056300bb134f3c9b91fdf1443b6d0b26eb8b4e620a50e27763ea02e1bf4d710fbda8f36fc4cee70c416736fa5cf2a90d4ad300e15c1e9668973c964563071
SSDEEP: 1536:uGIIxgrC35rtLVja0tzmAjUHjkja0tzmAjUHjPGIIxgrC35rtLVja0tzmAjUHjkf:N9j9b
Static task: static1
Behavioral task: behavioral1
Sample: 36ebf098f87ff1d85cc3f458af48005f6719a185bd9281ad96d5f89e045c79e0.exe
Resource: win10v2004-20250502-en
Malware Config
Targets
Target: 36ebf098f87ff1d85cc3f458af48005f6719a185bd9281ad96d5f89e045c79e0
Score: 10/10
- Cosmu family
- Detects Cosmu payload: Cosmu is a worm written in C++.
- Renames multiple (5101) files with added filename extension: this suggests ransomware activity of encrypting all the files on the system.
- Executes dropped EXE
- Drops file in System32 directory