renamer | 570c5fcfe5eb68ace243e2e5501c3bfe90262f93f1e24503766c81a149f4b283 | Triage

Submit
Reports

Overview

overview

Static

static

570c5fcfe5...3N.exe

windows7-x64

570c5fcfe5...3N.exe

windows10-2004-x64

Sharing

General

Target

570c5fcfe5eb68ace243e2e5501c3bfe90262f93f1e24503766c81a149f4b283N.exe
Size

824KB
Sample

241126-bbdvjaslhr
MD5

21c2f463a6817c51ad7ea4b50c262ce0
SHA1

6def3f46725ea619a8482d13b4ef973ec6903612
SHA256

570c5fcfe5eb68ace243e2e5501c3bfe90262f93f1e24503766c81a149f4b283
SHA512

beeeb8c3ee55f943c4f61f7e48d296e967f9586ad5283ba94071a6e2b707af88bef470f53b889846265f34777d68be12853701c0f7f7797c29c7775205d80af4
SSDEEP

12288:RwCBtLC+EptUpQ9SeSChq3YvxFBSSRMT8PTp4ihozEY888888888888W8888888J:VNzCtUpQ9WWPBSSRMTEpXNy

Score

10^/10

renamer discovery worm

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

570c5fcfe5eb68ace243e2e5501c3bfe90262f93f1e24503766c81a149f4b283N.exe

Resource

win7-20240903-en

renamer discovery worm

windows7-x64

10 signatures

120 seconds

Behavioral task

behavioral2

Sample

570c5fcfe5eb68ace243e2e5501c3bfe90262f93f1e24503766c81a149f4b283N.exe

Resource

win10v2004-20241007-en

renamer discovery worm

windows10-2004-x64

9 signatures

120 seconds

Malware Config

Targets

- Target
  
  570c5fcfe5eb68ace243e2e5501c3bfe90262f93f1e24503766c81a149f4b283N.exe
- Size
  
  824KB
- MD5
  
  21c2f463a6817c51ad7ea4b50c262ce0
- SHA1
  
  6def3f46725ea619a8482d13b4ef973ec6903612
- SHA256
  
  570c5fcfe5eb68ace243e2e5501c3bfe90262f93f1e24503766c81a149f4b283
- SHA512
  
  beeeb8c3ee55f943c4f61f7e48d296e967f9586ad5283ba94071a6e2b707af88bef470f53b889846265f34777d68be12853701c0f7f7797c29c7775205d80af4
- SSDEEP
  
  12288:RwCBtLC+EptUpQ9SeSChq3YvxFBSSRMT8PTp4ihozEY888888888888W8888888J:VNzCtUpQ9WWPBSSRMTEpXNy
Score

10^/10

renamer discovery worm
- Detects Renamer worm.
  Renamer aka Grename is worm written in Delphi.
- Renamer family
  renamer
- Renamer, Grenam
  Renamer aka Grenam is a worm written in Delphi.
  worm renamer
- Drops startup file
- Loads dropped DLL
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

renamerdiscoveryworm

behavioral2

renamerdiscoveryworm

© 2018-2024

Terms | Privacy