renamer | 3f0804c202221829e3dbf551a44a1e2963fe9edae3d9682f95613bbb3b45617f | Triage

Submit
Reports

Overview

overview

Static

static

3f0804c202...7f.exe

windows7-x64

3f0804c202...7f.exe

windows10-2004-x64

Sharing

General

Target

3f0804c202221829e3dbf551a44a1e2963fe9edae3d9682f95613bbb3b45617f
Size

824KB
Sample

241018-zrxvcaxhka
MD5

a35a193808bc83dc67a92d93f327f048
SHA1

a746c31ecaca3c0f8cb6cd12a94e2eb278059411
SHA256

3f0804c202221829e3dbf551a44a1e2963fe9edae3d9682f95613bbb3b45617f
SHA512

c609a0199d1d51935637ea6719aebc4d18a7b0b2f46ab1104c9d99bd5f51b49b9ab271b588201d90ad1b751479c0f7832b42643f3489cff648660cc54dcce1a0
SSDEEP

12288:cwCBtLC+EptUpQ9SeSChq3YvxFBSSRMT8PTp4MhozE1888888888888W8888888J:cNzCtUpQ9WWPBSSRMTEpBNt

Score

10^/10

renamer discovery worm

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

3f0804c202221829e3dbf551a44a1e2963fe9edae3d9682f95613bbb3b45617f.exe

Resource

win7-20240903-en

renamer discovery worm

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

3f0804c202221829e3dbf551a44a1e2963fe9edae3d9682f95613bbb3b45617f.exe

Resource

win10v2004-20241007-en

renamer discovery worm

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  3f0804c202221829e3dbf551a44a1e2963fe9edae3d9682f95613bbb3b45617f
- Size
  
  824KB
- MD5
  
  a35a193808bc83dc67a92d93f327f048
- SHA1
  
  a746c31ecaca3c0f8cb6cd12a94e2eb278059411
- SHA256
  
  3f0804c202221829e3dbf551a44a1e2963fe9edae3d9682f95613bbb3b45617f
- SHA512
  
  c609a0199d1d51935637ea6719aebc4d18a7b0b2f46ab1104c9d99bd5f51b49b9ab271b588201d90ad1b751479c0f7832b42643f3489cff648660cc54dcce1a0
- SSDEEP
  
  12288:cwCBtLC+EptUpQ9SeSChq3YvxFBSSRMT8PTp4MhozE1888888888888W8888888J:cNzCtUpQ9WWPBSSRMTEpBNt
Score

10^/10

renamer discovery worm
- Detects Renamer worm.
  Renamer aka Grename is worm written in Delphi.
- Renamer, Grenam
  Renamer aka Grenam is a worm written in Delphi.
  worm renamer
- Drops startup file
- Loads dropped DLL
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

renamerdiscoveryworm

behavioral2

renamerdiscoveryworm

© 2018-2024

Terms | Privacy