General
-
Target
e2667a1769bd8eafb36bc395744f55d16aeaa68f2f3a16ae861d28a39f1f0670N
-
Size
1.2MB
-
Sample
241006-vsg33azcla
-
MD5
a5b8ec0001c189730d9512322f2df970
-
SHA1
22f22f8fcbee6f659e0f4c5b0945435a3961dd28
-
SHA256
e2667a1769bd8eafb36bc395744f55d16aeaa68f2f3a16ae861d28a39f1f0670
-
SHA512
81ddd3300625c00c3394498a4d7827a4c4880e1792c7d1f2257bae8e20b4d6265b25fd0b21a045adaf11e6408623053ae4a7620b4431df9f4806ed134d11aa90
-
SSDEEP
24576:D9rCMNQ/IrLGNu0WjT9tT392gLoB8Duqs6MxYBe:D8SPGu0W1tT392gLoJ+B
Malware Config
Targets
-
-
Target
e2667a1769bd8eafb36bc395744f55d16aeaa68f2f3a16ae861d28a39f1f0670N
-
Size
1.2MB
-
MD5
a5b8ec0001c189730d9512322f2df970
-
SHA1
22f22f8fcbee6f659e0f4c5b0945435a3961dd28
-
SHA256
e2667a1769bd8eafb36bc395744f55d16aeaa68f2f3a16ae861d28a39f1f0670
-
SHA512
81ddd3300625c00c3394498a4d7827a4c4880e1792c7d1f2257bae8e20b4d6265b25fd0b21a045adaf11e6408623053ae4a7620b4431df9f4806ed134d11aa90
-
SSDEEP
24576:D9rCMNQ/IrLGNu0WjT9tT392gLoB8Duqs6MxYBe:D8SPGu0W1tT392gLoJ+B
Score10/10-
Detects Renamer worm.
Renamer aka Grename is worm written in Delphi.
-
Renamer, Grenam
Renamer aka Grenam is a worm written in Delphi.
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Suspicious use of SetThreadContext
-