renamer | badde8efb1e6701180c01d0e72716c17d51158577f8a592a5e0396e777458426 | Triage

Submit
Reports

Overview

overview

Static

static

badde8efb1...26.exe

windows7-x64

badde8efb1...26.exe

windows10-2004-x64

Sharing

General

Target

badde8efb1e6701180c01d0e72716c17d51158577f8a592a5e0396e777458426.exe
Size

824KB
Sample

241124-flcgnsvnev
MD5

6c6edb9ebb069020bb7087df60dcb4e3
SHA1

e7bc3e43de1d51da7bcf2c91936dc90153a406c6
SHA256

badde8efb1e6701180c01d0e72716c17d51158577f8a592a5e0396e777458426
SHA512

d477ee7471d6ffa5152c58ddb48ba9cd324bf343de513fb30281c8ff93bc9751f44e1626fd67a760c1e313a26cbbc76d0a99c0ac1d1c9e4c5d131c6c6421fbe3
SSDEEP

12288:9wCBtLC+EptUpQ9SeSChq3YvxFBSSRMT8PTp4ihozEc888888888888W88888885:xNzCtUpQ9WWPBSSRMTEpXNO

Score

10^/10

renamer discovery worm

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

badde8efb1e6701180c01d0e72716c17d51158577f8a592a5e0396e777458426.exe

Resource

win7-20240903-en

renamer discovery worm

windows7-x64

10 signatures

120 seconds

Behavioral task

behavioral2

Sample

badde8efb1e6701180c01d0e72716c17d51158577f8a592a5e0396e777458426.exe

Resource

win10v2004-20241007-en

renamer discovery worm

windows10-2004-x64

9 signatures

120 seconds

Malware Config

Targets

- Target
  
  badde8efb1e6701180c01d0e72716c17d51158577f8a592a5e0396e777458426.exe
- Size
  
  824KB
- MD5
  
  6c6edb9ebb069020bb7087df60dcb4e3
- SHA1
  
  e7bc3e43de1d51da7bcf2c91936dc90153a406c6
- SHA256
  
  badde8efb1e6701180c01d0e72716c17d51158577f8a592a5e0396e777458426
- SHA512
  
  d477ee7471d6ffa5152c58ddb48ba9cd324bf343de513fb30281c8ff93bc9751f44e1626fd67a760c1e313a26cbbc76d0a99c0ac1d1c9e4c5d131c6c6421fbe3
- SSDEEP
  
  12288:9wCBtLC+EptUpQ9SeSChq3YvxFBSSRMT8PTp4ihozEc888888888888W88888885:xNzCtUpQ9WWPBSSRMTEpXNO
Score

10^/10

renamer discovery worm
- Detects Renamer worm.
  Renamer aka Grename is worm written in Delphi.
- Renamer family
  renamer
- Renamer, Grenam
  Renamer aka Grenam is a worm written in Delphi.
  worm renamer
- Drops startup file
- Loads dropped DLL
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

renamerdiscoveryworm

behavioral2

renamerdiscoveryworm

© 2018-2024

Terms | Privacy