General

  • Target

    31e5de354b79269d1292d313370904b8d6ac58c82646744d5e122cb32cf11c5b

  • Size

    50KB

  • Sample

    250703-f1gpyavk15

  • MD5

    3c5289ce7e02a4476dad1198ecbd8487

  • SHA1

    050d50c336c79eb4979526a038561ded3bf2606f

  • SHA256

    31e5de354b79269d1292d313370904b8d6ac58c82646744d5e122cb32cf11c5b

  • SHA512

    eeb35a55baf76d4395d3c7a035ae331db268be27e4c03cbc2e30c390e4a51f6295d37dacee091da86d0565a0b079e1f8153e2504c2d7af4747a098b94a07321b

  • SSDEEP

    768:uZ4FLz8ae+rOn8ae+rOY6g1NGc1NGZgIZmoLiJfoLiJ6HpOqAZkZzX:uGIIoEKEkqqGzX

Malware Config

Targets

    • Cosmu

      Cosmu is a Windows worm written in C++.

    • Cosmu family

    • Detects Cosmu payload

      Cosmu is a worm written in C++.

    • Renames multiple (5197) files with added filename extension

      This suggests ransomware activity, namely encrypting all the files on the system.
