General

  • Target

    0c7e718e6b3abd7a8f15802ab141753c_JaffaCakes118

  • Size

    816KB

  • Sample

    241002-z6x4na1dka

  • MD5

    0c7e718e6b3abd7a8f15802ab141753c

  • SHA1

    01edf4f90134d09b961c19b732febd7551c2d619

  • SHA256

    9c34ea1cd4566f0fcc8a290eeb72883259a86d950ea7e42db1b35e921a69a57d

  • SHA512

    15564bed3a73c33daf4f3e22fc63980d756f9dd425248a0715506bd048dabf6fbad4d383a588fe17e92bf67632d4b9d1a8e328947979a7209d57f1b2ce3e2903

  • SSDEEP

    12288:gqkAx8i7pC8PapFTUt6xIuFrb9OKcEKfBKSNqvnSNgFCV4tuRa888888888888WX:N8i7pjPapFTUt6xIyHGBKSNqvn5m4tkL

Targets

    • Detects Renamer worm.

      Renamer aka Grenam is a worm written in Delphi.

    • Renamer, Grenam

      Renamer aka Grenam is a worm written in Delphi.

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops autorun.inf file

      Malware can abuse Windows AutoRun to spread further via attached volumes. Since the 2011 AutoRun update, Windows no longer honours autorun.inf on USB sticks and other non-optical removable media, so on patched hosts the dropped file is chiefly an indicator of the worm's intended spreading method rather than a working infection vector.

MITRE ATT&CK Enterprise v15

Tasks