Overview

overview

7

Static

static

3

renmae.exe

windows7-x64

6

renmae.exe

windows10-2004-x64

7

Sharing

Copy URL Twitter E-mail

General

  • Target

    renmae.exe

  • Size

    23KB

  • Sample

    240504-tjj1madf26

  • MD5

    6838d8f7a93b769099e6b534398a3260

  • SHA1

    924154b1197b58e783fea2507c071081bdde3b51

  • SHA256

    2dfe7ea962b7c5fd23e9d710bae5aec1d2936c2500775658e410f8d68c5b4619

  • SHA512

    402909e024f30418ff0c9dc8738e4b363a1234e481c5d9dba237b15e6bb82de550562fe6a105625a2395c850bdaf4f2f43391ee9ab031f9aa9baa4e01ff9f12d

  • SSDEEP

    384:ILAkZtonVrxXDlX7sudaLi83hPLTuOm1sICJbt5j8KoQrJKdjT0:2AkZtK1lX7sxTITRBA

Score
7/10
persistence

Malware Config

Targets

    • Target

      renmae.exe

    • Size

      23KB

    • MD5

      6838d8f7a93b769099e6b534398a3260

    • SHA1

      924154b1197b58e783fea2507c071081bdde3b51

    • SHA256

      2dfe7ea962b7c5fd23e9d710bae5aec1d2936c2500775658e410f8d68c5b4619

    • SHA512

      402909e024f30418ff0c9dc8738e4b363a1234e481c5d9dba237b15e6bb82de550562fe6a105625a2395c850bdaf4f2f43391ee9ab031f9aa9baa4e01ff9f12d

    • SSDEEP

      384:ILAkZtonVrxXDlX7sudaLi83hPLTuOm1sICJbt5j8KoQrJKdjT0:2AkZtK1lX7sxTITRBA

    Score
    7/10
    persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks