General

  • Target

    5cb62a4bb0335163c6433c8e8133bebc29d4ce3a3ae33e61e3e8f1cff499dc58

  • Size

    91KB

  • Sample

    250703-f1jvasvk18

  • MD5

    57af631261f40e14ac3a1dc60efac9dc

  • SHA1

    456d6430cfd0a08fc4202152183acefb0cd88034

  • SHA256

    5cb62a4bb0335163c6433c8e8133bebc29d4ce3a3ae33e61e3e8f1cff499dc58

  • SHA512

    18ed94eafc3a71cbf0389d899064abea02aa4a08588b577b3ea2478e13fe357ea0aa9dc8669d5f46e476c356312bc4bfde7e834c06b0a53d8220d1d3c96ad64a

  • SSDEEP

    1536:s7ZppApdIIoEKEkqR2pcbOaqd4ujksMOtYSlN:spWp6EKEL2pcbOaM4ujkwlN

Targets

    • Cosmu

      Cosmu is a Windows worm written in C++.

    • Cosmu family

    • Detects Cosmu payload

      Cosmu is a worm written in C++.

    • Renames multiple (5012) files with added filename extension

      This suggests ransomware activity, namely encrypting all the files on the system.
