General

  • Target

    3075c815028a92015e144acb0aa582e71d06503b58ea0ab3f09e51fb59fa3dd5

  • Size

    153KB

  • Sample

    250701-jx627sdq2s

  • MD5

    c118029f0ec45fec335fe0edfb3b4d5c

  • SHA1

    1ce535a201edb3fe8f4017eca785fe37a480d169

  • SHA256

    3075c815028a92015e144acb0aa582e71d06503b58ea0ab3f09e51fb59fa3dd5

  • SHA512

    8f7d47336ada1c95906738db86a8100b19f88717e6ac16047941ff1f11d45c24c7ee67ead24351cd0d47f6bd799ca1721886fe8934bf962155acbffeab795a8f

  • SSDEEP

    1536:uGII1GgymvG4PDo2DhA3lr1fBY4iKos40wm0PW1IrqJfMtQlD8x89u7F0:BnzhQNv40j0PW1IrEfMtyhuG

Malware Config

Targets

    • Cosmu

      Cosmu is a Windows worm written in C++.

    • Cosmu family

    • Detects Cosmu payload

      Cosmu is a worm written in C++.

    • Renames multiple (5127) files with added filename extension

      This suggests ransomware activity: encrypting all the files on the system.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v16

Tasks