General

  • Target

    df560fc453dbdb9ebbb5b28b72ae23db46036aa90a9955b824f99c577e4328d4

  • Size

    158KB

  • Sample

    250630-x9gjzassbt

  • MD5

    5b021ddd70c29f096d0f964a07afe4cb

  • SHA1

    5789f61d116fbb56098363616e058a7b307be921

  • SHA256

    df560fc453dbdb9ebbb5b28b72ae23db46036aa90a9955b824f99c577e4328d4

  • SHA512

    64e33f3d5a1182b0923a448d0dd95e2b8f72dce1af1dfc21f0a3358ef7419a24e677e97672bba907c17c8ffba0a140a46b5465016ba8f2f10d3ac97a52cf6e7f

  • SSDEEP

    1536:uGIIoEKEQymvG4PDo2DhA3lr1fBY4iKos40wm0PW1IrqJfMtQlD8x89u7Fs:cEKEQnzhQNv40j0PW1IrEfMtyhuO

Malware Config

Targets

    • Target

      df560fc453dbdb9ebbb5b28b72ae23db46036aa90a9955b824f99c577e4328d4

    • Size

      158KB

    • MD5

      5b021ddd70c29f096d0f964a07afe4cb

    • SHA1

      5789f61d116fbb56098363616e058a7b307be921

    • SHA256

      df560fc453dbdb9ebbb5b28b72ae23db46036aa90a9955b824f99c577e4328d4

    • SHA512

      64e33f3d5a1182b0923a448d0dd95e2b8f72dce1af1dfc21f0a3358ef7419a24e677e97672bba907c17c8ffba0a140a46b5465016ba8f2f10d3ac97a52cf6e7f

    • SSDEEP

      1536:uGIIoEKEQymvG4PDo2DhA3lr1fBY4iKos40wm0PW1IrqJfMtQlD8x89u7Fs:cEKEQnzhQNv40j0PW1IrEfMtyhuO

    • Cosmu

      Cosmu is a Windows worm written in C++.

    • Cosmu family

    • Detects Cosmu payload

      Cosmu is a worm written in C++.

    • Renames multiple (5203) files with added filename extension

      Mass renaming of files with a new extension appended to the original name is typical of ransomware encrypting files on the system.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser data, which can include saved credentials and other sensitive profile contents.

    • Drops file in System32 directory
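
      The mass-rename and browser-profile-read signatures listed above are behavioural heuristics applied to the file activity observed during the run. The script below is an added example, not the sandbox's own detection code: it replays a constructed stream of file events and applies both checks. The event format, the Windows paths, the browser profile directory markers and the rename threshold are all assumptions made for the example; the page does not state the sandbox's actual cut-off.

```python
"""Replay a constructed stream of sandbox-style file events and apply two of
the behavioural heuristics named in the report: mass renaming of files with
an appended extension, and reads of web-browser profile data."""
from collections import Counter

# Constructed sample events (not taken from the sandbox run). Each event is
# (operation, path, destination_path_or_None).
SAMPLE_EVENTS = [
    # Ordinary activity that should not trigger either heuristic.
    ("read", r"C:\Users\victim\Documents\notes.txt", None),
    ("rename", r"C:\Users\victim\Documents\draft.docx",
     r"C:\Users\victim\Documents\final.docx"),
    ("rename", r"C:\Users\victim\Documents\config.ini",
     r"C:\Users\victim\Documents\config.ini.bak"),
    # Browser profile reads of the kind the "Reads user/profile data of web
    # browsers" signature looks for.
    ("read", r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data", None),
    ("read", r"C:\Users\victim\AppData\Roaming\Mozilla\Firefox\Profiles\abcd1234.default\logins.json", None),
]
# Mass rename: 150 documents get ".locked" appended to their names.
SAMPLE_EVENTS += [
    ("rename", rf"C:\Users\victim\Documents\doc{i}.docx",
     rf"C:\Users\victim\Documents\doc{i}.docx.locked")
    for i in range(150)
]

# Hypothetical threshold; the sandbox's own cut-off is not stated on the page.
MASS_RENAME_THRESHOLD = 100

# Substrings of browser profile directories (assumed set), compared on a
# normalised lower-case path with forward slashes.
BROWSER_PROFILE_MARKERS = (
    "/google/chrome/user data/",
    "/microsoft/edge/user data/",
    "/mozilla/firefox/profiles/",
)


def appended_extension(src, dst):
    """Return the extension appended to src if dst is exactly src plus
    '.<ext>' (case-insensitive on the shared prefix), otherwise None."""
    if dst is None or not dst.lower().startswith(src.lower() + "."):
        return None
    ext = dst[len(src) + 1:]
    # Reject anything that moved the file into another directory.
    if not ext or "\\" in ext or "/" in ext:
        return None
    return ext.lower()


def detect_mass_rename(events, threshold=MASS_RENAME_THRESHOLD):
    """Count renames per appended extension and return those at or above
    the threshold, e.g. {'locked': 150}."""
    counts = Counter()
    for op, src, dst in events:
        if op != "rename":
            continue
        ext = appended_extension(src, dst)
        if ext:
            counts[ext] += 1
    return {ext: n for ext, n in counts.items() if n >= threshold}


def detect_browser_profile_reads(events):
    """Return the paths of read events that fall under a known browser
    profile directory."""
    hits = []
    for op, path, _ in events:
        if op != "read":
            continue
        normalised = path.lower().replace("\\", "/")
        if any(marker in normalised for marker in BROWSER_PROFILE_MARKERS):
            hits.append(path)
    return hits


if __name__ == "__main__":
    print("mass rename:", detect_mass_rename(SAMPLE_EVENTS))
    print("browser profile reads:", detect_browser_profile_reads(SAMPLE_EVENTS))
```

      Counting per appended extension rather than per rename matters: a single backup-style rename (config.ini to config.ini.bak) stays below the threshold, while the uniform .locked suffix across many files is what makes the activity look like encryption rather than routine file handling.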

MITRE ATT&CK Enterprise v16

Tasks