General

  • Target

    36ebf098f87ff1d85cc3f458af48005f6719a185bd9281ad96d5f89e045c79e0

  • Size

    111KB

  • Sample

    250605-rhtsbsgk2s

  • MD5

    455f1059ed1d13ddb1f96fca497dd5d2

  • SHA1

    429625b629e4627a0b49bf2caddf067d0bfe7678

  • SHA256

    36ebf098f87ff1d85cc3f458af48005f6719a185bd9281ad96d5f89e045c79e0

  • SHA512

    fd0056300bb134f3c9b91fdf1443b6d0b26eb8b4e620a50e27763ea02e1bf4d710fbda8f36fc4cee70c416736fa5cf2a90d4ad300e15c1e9668973c964563071

  • SSDEEP

    1536:uGIIxgrC35rtLVja0tzmAjUHjkja0tzmAjUHjPGIIxgrC35rtLVja0tzmAjUHjkf:N9j9b

Malware Config

Targets

    • Cosmu

      Cosmu is a Windows worm written in C++.

    • Cosmu family

    • Detects Cosmu payload

      Cosmu is a worm written in C++.

    • Renames multiple (5101) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Executes dropped EXE

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v16

Tasks