renamer | 05868c7c70eb9741feece2ffe9e3e6929817ff9881e6e35c7bfbab3e55a93532 | Triage

Submit
Reports

Overview

overview

Static

static

05868c7c70...2N.exe

windows7-x64

05868c7c70...2N.exe

windows10-2004-x64

Sharing

General

Target

05868c7c70eb9741feece2ffe9e3e6929817ff9881e6e35c7bfbab3e55a93532N.exe
Size

827KB
Sample

241216-n2vbeszqhk
MD5

3cf87859510fbe634050ee5ae9579210
SHA1

1a46cd844ea9469b4c66cf2de405537ef677c492
SHA256

05868c7c70eb9741feece2ffe9e3e6929817ff9881e6e35c7bfbab3e55a93532
SHA512

21cf943fad634102cf57f40f62a7ed518742e80a4d763544496e2bbedfbefee31256ea037989b14b982b236587a4c9c835bb09622e015bf349d62db4cc18a9ad
SSDEEP

12288:dwCBtLC+EptUpQ9SeSChq3YvxFBSSRMT8PTp4ihozEc888888888888W8888888B:RNzCtUpQ9WWPBSSRMTEpXNm

Score

10^/10

renamer discovery worm

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

05868c7c70eb9741feece2ffe9e3e6929817ff9881e6e35c7bfbab3e55a93532N.exe

Resource

win7-20241023-en

renamer discovery worm

windows7-x64

10 signatures

120 seconds

Behavioral task

behavioral2

Sample

05868c7c70eb9741feece2ffe9e3e6929817ff9881e6e35c7bfbab3e55a93532N.exe

Resource

win10v2004-20241007-en

renamer discovery worm

windows10-2004-x64

9 signatures

120 seconds

Malware Config

Targets

- Target
  
  05868c7c70eb9741feece2ffe9e3e6929817ff9881e6e35c7bfbab3e55a93532N.exe
- Size
  
  827KB
- MD5
  
  3cf87859510fbe634050ee5ae9579210
- SHA1
  
  1a46cd844ea9469b4c66cf2de405537ef677c492
- SHA256
  
  05868c7c70eb9741feece2ffe9e3e6929817ff9881e6e35c7bfbab3e55a93532
- SHA512
  
  21cf943fad634102cf57f40f62a7ed518742e80a4d763544496e2bbedfbefee31256ea037989b14b982b236587a4c9c835bb09622e015bf349d62db4cc18a9ad
- SSDEEP
  
  12288:dwCBtLC+EptUpQ9SeSChq3YvxFBSSRMT8PTp4ihozEc888888888888W8888888B:RNzCtUpQ9WWPBSSRMTEpXNm
Score

10^/10

renamer discovery worm
- Detects Renamer worm.
  Renamer aka Grename is worm written in Delphi.
- Renamer family
  renamer
- Renamer, Grenam
  Renamer aka Grenam is a worm written in Delphi.
  worm renamer
- Drops startup file
- Loads dropped DLL
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

renamerdiscoveryworm

behavioral2

renamerdiscoveryworm

© 2018-2024

Terms | Privacy