General
-
Target
df560fc453dbdb9ebbb5b28b72ae23db46036aa90a9955b824f99c577e4328d4
-
Size
158KB
-
Sample
250630-x9gjzassbt
-
MD5
5b021ddd70c29f096d0f964a07afe4cb
-
SHA1
5789f61d116fbb56098363616e058a7b307be921
-
SHA256
df560fc453dbdb9ebbb5b28b72ae23db46036aa90a9955b824f99c577e4328d4
-
SHA512
64e33f3d5a1182b0923a448d0dd95e2b8f72dce1af1dfc21f0a3358ef7419a24e677e97672bba907c17c8ffba0a140a46b5465016ba8f2f10d3ac97a52cf6e7f
-
SSDEEP
1536:uGIIoEKEQymvG4PDo2DhA3lr1fBY4iKos40wm0PW1IrqJfMtQlD8x89u7Fs:cEKEQnzhQNv40j0PW1IrEfMtyhuO
Static task
static1
Behavioral task
behavioral1
Sample
df560fc453dbdb9ebbb5b28b72ae23db46036aa90a9955b824f99c577e4328d4.exe
Resource
win10v2004-20250619-en
Malware Config
Targets
-
Cosmu family
-
Detects Cosmu payload
Cosmu is a worm written in C++.
-
Renames multiple (5203) files with added filename extension
This suggests ransomware activity that encrypts all the files on the system.
-
Executes dropped EXE
-
Drops file in System32 directory
-