renamer | c589a6da8285b49acb9249bd2d2267c081285b72bea743485d4a3674813c2ebf | Triage

Submit
Reports

Overview

overview

Static

static

c589a6da82...fN.exe

windows7-x64

c589a6da82...fN.exe

windows10-2004-x64

Sharing

General

Target

c589a6da8285b49acb9249bd2d2267c081285b72bea743485d4a3674813c2ebfN
Size

827KB
Sample

241014-smlg7avfqk
MD5

67f4cf00b29746dfc59f1871385c14a0
SHA1

6f7f45da87a829883c0d4130a9220553c3440494
SHA256

c589a6da8285b49acb9249bd2d2267c081285b72bea743485d4a3674813c2ebf
SHA512

3de11bc08e1777e81d57d9380a10327c4cf9bbe0a55d61e6a66050a5c36a56b84cd5737012f30ab9f1c2575b431bb8e6a5ce2daa48d42dbd977784f92fc1b0b8
SSDEEP

12288:KwCBtLC+EptUpQ9SeSChq3YvxFBSSRMT8PTp4ihozEo888888888888W8888888B:qNzCtUpQ9WWPBSSRMTEpXNa

Score

10^/10

renamer discovery worm

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

c589a6da8285b49acb9249bd2d2267c081285b72bea743485d4a3674813c2ebfN.exe

Resource

win7-20241010-en

renamer discovery worm

windows7-x64

9 signatures

120 seconds

Behavioral task

behavioral2

Sample

c589a6da8285b49acb9249bd2d2267c081285b72bea743485d4a3674813c2ebfN.exe

Resource

win10v2004-20241007-en

renamer discovery worm

windows10-2004-x64

8 signatures

120 seconds

Malware Config

Targets

- Target
  
  c589a6da8285b49acb9249bd2d2267c081285b72bea743485d4a3674813c2ebfN
- Size
  
  827KB
- MD5
  
  67f4cf00b29746dfc59f1871385c14a0
- SHA1
  
  6f7f45da87a829883c0d4130a9220553c3440494
- SHA256
  
  c589a6da8285b49acb9249bd2d2267c081285b72bea743485d4a3674813c2ebf
- SHA512
  
  3de11bc08e1777e81d57d9380a10327c4cf9bbe0a55d61e6a66050a5c36a56b84cd5737012f30ab9f1c2575b431bb8e6a5ce2daa48d42dbd977784f92fc1b0b8
- SSDEEP
  
  12288:KwCBtLC+EptUpQ9SeSChq3YvxFBSSRMT8PTp4ihozEo888888888888W8888888B:qNzCtUpQ9WWPBSSRMTEpXNa
Score

10^/10

renamer discovery worm
- Detects Renamer worm.
  Renamer aka Grename is worm written in Delphi.
- Renamer, Grenam
  Renamer aka Grenam is a worm written in Delphi.
  worm renamer
- Drops startup file
- Loads dropped DLL
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

renamerdiscoveryworm

behavioral2

renamerdiscoveryworm

© 2018-2024

Terms | Privacy