General

  • Target

    0a6d88e0e25fc2d08af26da2de847c09c078942b06ce19adc0c06f44f5b3c5f8N

  • Size

    1.2MB

  • Sample

    241004-2htsfazerl

  • MD5

    0aaaf1668decb824d75242df795ee7b0

  • SHA1

    df803cfda6898ce64d5a5d498875c324b1b17f2e

  • SHA256

    0a6d88e0e25fc2d08af26da2de847c09c078942b06ce19adc0c06f44f5b3c5f8

  • SHA512

    2b746820c3cb54cd3978c2596f64db59d451481ec93dc6c454590f67902487ec691a76fb6b5c93b0945e3a4c02277004cd08cadc45b338674f67f64794bf8d34

  • SSDEEP

    24576:Rj/ZAILiXtDtrn+LCHVYmpRqQYAe9GIdUfd40Qb4B/cWy52:RT+gibn++HV3pcQY7bdU1Qu/BM2

Malware Config

Targets

    • Target

      0a6d88e0e25fc2d08af26da2de847c09c078942b06ce19adc0c06f44f5b3c5f8N

    • Size

      1.2MB

    • MD5

      0aaaf1668decb824d75242df795ee7b0

    • SHA1

      df803cfda6898ce64d5a5d498875c324b1b17f2e

    • SHA256

      0a6d88e0e25fc2d08af26da2de847c09c078942b06ce19adc0c06f44f5b3c5f8

    • SHA512

      2b746820c3cb54cd3978c2596f64db59d451481ec93dc6c454590f67902487ec691a76fb6b5c93b0945e3a4c02277004cd08cadc45b338674f67f64794bf8d34

    • SSDEEP

      24576:Rj/ZAILiXtDtrn+LCHVYmpRqQYAe9GIdUfd40Qb4B/cWy52:RT+gibn++HV3pcQY7bdU1Qu/BM2

    • Detects Renamer worm.

      Renamer aka Grenam is a worm written in Delphi.

    • Renamer, Grenam

      Renamer aka Grenam is a worm written in Delphi.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks