renamer | 4a0307789fcc9e442addd51748e312b4b50e8d97d17fdb8dcda394ab476d6e7d | Triage

Submit
Reports

Overview

overview

Static

static

4a0307789f...dN.exe

windows7-x64

4a0307789f...dN.exe

windows10-2004-x64

Sharing

General

Target

4a0307789fcc9e442addd51748e312b4b50e8d97d17fdb8dcda394ab476d6e7dN
Size

824KB
Sample

241006-wk75ys1gpe
MD5

b2b19b0fecc3fe9ba8fa053dfdc6b310
SHA1

e394d74c6983595a0366c4f856dbc2cd534c691e
SHA256

4a0307789fcc9e442addd51748e312b4b50e8d97d17fdb8dcda394ab476d6e7d
SHA512

c359c75e815b89e07baa21e3e6b0d5f82f11a1d1be554cfd70d0882c7b9eb4128519f0fc04e36c8f414d390c87661948fa1fc569fba15e4c26e0ee7fa850022c
SSDEEP

12288:UwCBtLC+EptUpQ9SeSChq3YvxFBSSRMT8PTp4ihozEEa888888888888W888888E:kNzCtUpQ9WWPBSSRMTEpXNV

Score

10^/10

renamer discovery worm

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

4a0307789fcc9e442addd51748e312b4b50e8d97d17fdb8dcda394ab476d6e7dN.exe

Resource

win7-20240704-en

renamer discovery worm

windows7-x64

9 signatures

120 seconds

Behavioral task

behavioral2

Sample

4a0307789fcc9e442addd51748e312b4b50e8d97d17fdb8dcda394ab476d6e7dN.exe

Resource

win10v2004-20240802-en

renamer discovery worm

windows10-2004-x64

8 signatures

120 seconds

Malware Config

Targets

- Target
  
  4a0307789fcc9e442addd51748e312b4b50e8d97d17fdb8dcda394ab476d6e7dN
- Size
  
  824KB
- MD5
  
  b2b19b0fecc3fe9ba8fa053dfdc6b310
- SHA1
  
  e394d74c6983595a0366c4f856dbc2cd534c691e
- SHA256
  
  4a0307789fcc9e442addd51748e312b4b50e8d97d17fdb8dcda394ab476d6e7d
- SHA512
  
  c359c75e815b89e07baa21e3e6b0d5f82f11a1d1be554cfd70d0882c7b9eb4128519f0fc04e36c8f414d390c87661948fa1fc569fba15e4c26e0ee7fa850022c
- SSDEEP
  
  12288:UwCBtLC+EptUpQ9SeSChq3YvxFBSSRMT8PTp4ihozEEa888888888888W888888E:kNzCtUpQ9WWPBSSRMTEpXNV
Score

10^/10

renamer discovery worm
- Detects Renamer worm.
  Renamer aka Grename is worm written in Delphi.
- Renamer, Grenam
  Renamer aka Grenam is a worm written in Delphi.
  worm renamer
- Drops startup file
- Loads dropped DLL
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

renamerdiscoveryworm

behavioral2

renamerdiscoveryworm

© 2018-2024

Terms | Privacy