renamer | 55fd5b56360ebe550e2886062c8efeea22d4035b27700c76a2223bb38665ff94 | Triage

Submit
Reports

Overview

overview

Static

static

55fd5b5636...94.exe

windows7-x64

55fd5b5636...94.exe

windows10-2004-x64

Sharing

General

Target

55fd5b56360ebe550e2886062c8efeea22d4035b27700c76a2223bb38665ff94
Size

824KB
Sample

241009-zzeczaycph
MD5

4dd80bfb7e951cf3f1f828f2da645335
SHA1

70ac16ef6dbd68940681b41fe042d3123794abb6
SHA256

55fd5b56360ebe550e2886062c8efeea22d4035b27700c76a2223bb38665ff94
SHA512

7eef379db433fe8609ef067e40f2bce20e7034a75868f8c9d3fe56eab74d4096a7be1d768d759de27e5fa29184fcc223a4fc25d4c566f583757fb47fc8613dfd
SSDEEP

12288:3wCBtLC+EptUpQ9SeSChq3YvxFBSSRMT8PTp4ihozE5888888888888W8888888J:jNzCtUpQ9WWPBSSRMTEpXNp

Score

10^/10

renamer discovery worm

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

55fd5b56360ebe550e2886062c8efeea22d4035b27700c76a2223bb38665ff94.exe

Resource

win7-20240729-en

renamer discovery worm

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

55fd5b56360ebe550e2886062c8efeea22d4035b27700c76a2223bb38665ff94.exe

Resource

win10v2004-20241007-en

renamer discovery worm

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  55fd5b56360ebe550e2886062c8efeea22d4035b27700c76a2223bb38665ff94
- Size
  
  824KB
- MD5
  
  4dd80bfb7e951cf3f1f828f2da645335
- SHA1
  
  70ac16ef6dbd68940681b41fe042d3123794abb6
- SHA256
  
  55fd5b56360ebe550e2886062c8efeea22d4035b27700c76a2223bb38665ff94
- SHA512
  
  7eef379db433fe8609ef067e40f2bce20e7034a75868f8c9d3fe56eab74d4096a7be1d768d759de27e5fa29184fcc223a4fc25d4c566f583757fb47fc8613dfd
- SSDEEP
  
  12288:3wCBtLC+EptUpQ9SeSChq3YvxFBSSRMT8PTp4ihozE5888888888888W8888888J:jNzCtUpQ9WWPBSSRMTEpXNp
Score

10^/10

renamer discovery worm
- Detects Renamer worm.
  Renamer aka Grename is worm written in Delphi.
- Renamer, Grenam
  Renamer aka Grenam is a worm written in Delphi.
  worm renamer
- Drops startup file
- Loads dropped DLL
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

renamerdiscoveryworm

behavioral2

renamerdiscoveryworm

© 2018-2024

Terms | Privacy