General
-
Target
4a1a5ddd7806b147e00f76b22719abfe9ca382cd22bcfba5f7e8cb410f4db1b0
-
Size
37KB
-
Sample
250605-rhv1dsgk2x
-
MD5
63a97e2a202cff71076bc20e917f1a33
-
SHA1
7b9178dca4ab8ae0301e76c9922f6f4078030fdd
-
SHA256
4a1a5ddd7806b147e00f76b22719abfe9ca382cd22bcfba5f7e8cb410f4db1b0
-
SHA512
6a8754a9f173221a57190e964eca0d5f304bc37a0b9f1bbe867e17d845efa23d0c13d77370d85e82f84dffba2f529cfc3f7898aa4bf914fa9ff08a5524da4ee9
-
SSDEEP
768:s7BlpppARFbhdLz8ae+rOn8ae+rO2aNQP+UDQvj:s7ZppApdIIJQP+UDQvj
Behavioral task
behavioral1
Sample
4a1a5ddd7806b147e00f76b22719abfe9ca382cd22bcfba5f7e8cb410f4db1b0.exe
Resource
win10v2004-20250502-en
Malware Config
Targets
Score
10/10
-
Cosmu family
-
Detects Cosmu payload
Cosmu is a worm written in C++.
-
Renames multiple (5198) files with added filename extension
This suggests ransomware activity: encrypting all the files on the system.
-