renamer | 786fc2e9d97d4ae4eacc2e3fca9025a5ddbcb2614486bbb1d0de86a069350a59 | Triage

Submit
Reports

Overview

overview

Static

static

786fc2e9d9...9N.exe

windows7-x64

786fc2e9d9...9N.exe

windows10-2004-x64

Sharing

General

Target

786fc2e9d97d4ae4eacc2e3fca9025a5ddbcb2614486bbb1d0de86a069350a59N.exe
Size

830KB
Sample

241118-ak16ratfnl
MD5

96794d67d008e874dbe6306607fa7270
SHA1

bf87b29ce6aee5426ff145cc1ff2f4f010df1c7c
SHA256

786fc2e9d97d4ae4eacc2e3fca9025a5ddbcb2614486bbb1d0de86a069350a59
SHA512

c7110d475c0e6b5c913806994e4db450c7bcafc27132749a6e48bb510342bcdd4bbaa5b6d8c4b9b5767cf2e6e83603ca2a0769936766032f6f3032633c71dc7b
SSDEEP

12288:OwCBtLC+EptUpQ9SeSChq3YvxFBSSRMT8PTp4ihozEpBv888888888888W88888P:eNzCtUpQ9WWPBSSRMTEpXNpB

Score

10^/10

renamer discovery persistence spyware stealer worm

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

786fc2e9d97d4ae4eacc2e3fca9025a5ddbcb2614486bbb1d0de86a069350a59N.exe

Resource

win7-20241010-en

renamer discovery persistence spyware stealer worm

windows7-x64

15 signatures

120 seconds

Behavioral task

behavioral2

Sample

786fc2e9d97d4ae4eacc2e3fca9025a5ddbcb2614486bbb1d0de86a069350a59N.exe

Resource

win10v2004-20241007-en

renamer discovery worm

windows10-2004-x64

9 signatures

120 seconds

Malware Config

Targets

- Target
  
  786fc2e9d97d4ae4eacc2e3fca9025a5ddbcb2614486bbb1d0de86a069350a59N.exe
- Size
  
  830KB
- MD5
  
  96794d67d008e874dbe6306607fa7270
- SHA1
  
  bf87b29ce6aee5426ff145cc1ff2f4f010df1c7c
- SHA256
  
  786fc2e9d97d4ae4eacc2e3fca9025a5ddbcb2614486bbb1d0de86a069350a59
- SHA512
  
  c7110d475c0e6b5c913806994e4db450c7bcafc27132749a6e48bb510342bcdd4bbaa5b6d8c4b9b5767cf2e6e83603ca2a0769936766032f6f3032633c71dc7b
- SSDEEP
  
  12288:OwCBtLC+EptUpQ9SeSChq3YvxFBSSRMT8PTp4ihozEpBv888888888888W88888P:eNzCtUpQ9WWPBSSRMTEpXNpB
Score

10^/10

renamer discovery persistence spyware stealer worm
- Detects Renamer worm.
  Renamer aka Grename is worm written in Delphi.
- Renamer family
  renamer
- Renamer, Grenam
  Renamer aka Grenam is a worm written in Delphi.
  worm renamer
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Replication Through Removable Media

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

renamerdiscoverypersistencespywarestealerworm

behavioral2

renamerdiscoveryworm

© 2018-2024

Terms | Privacy