General

  • Target

    4a1a5ddd7806b147e00f76b22719abfe9ca382cd22bcfba5f7e8cb410f4db1b0

  • Size

    37KB

  • Sample

    250605-rhv1dsgk2x

  • MD5

    63a97e2a202cff71076bc20e917f1a33

  • SHA1

    7b9178dca4ab8ae0301e76c9922f6f4078030fdd

  • SHA256

    4a1a5ddd7806b147e00f76b22719abfe9ca382cd22bcfba5f7e8cb410f4db1b0

  • SHA512

    6a8754a9f173221a57190e964eca0d5f304bc37a0b9f1bbe867e17d845efa23d0c13d77370d85e82f84dffba2f529cfc3f7898aa4bf914fa9ff08a5524da4ee9

  • SSDEEP

    768:s7BlpppARFbhdLz8ae+rOn8ae+rO2aNQP+UDQvj:s7ZppApdIIJQP+UDQvj

Targets

    • Cosmu

      Cosmu is a Windows worm written in C++.

    • Cosmu family

    • Detects Cosmu payload

      Cosmu is a worm written in C++.

    • Renames multiple (5198) files with added filename extension

      This suggests ransomware activity, in which all the files on the system are encrypted.
