renamer | bf8a8f298d83f87dd258a479bbb7bd742d20f32504c392c00d6c8255e005b7ab | Triage

Submit
Reports

Overview

overview

Static

static

bf8a8f298d...bN.exe

windows7-x64

bf8a8f298d...bN.exe

windows10-2004-x64

Sharing

General

Target

bf8a8f298d83f87dd258a479bbb7bd742d20f32504c392c00d6c8255e005b7abN.exe
Size

824KB
Sample

241217-n62w3azkgq
MD5

50d5a074897519ee758995bc4fdaeed0
SHA1

aab1c2b3cb16a244f037bc6eb2131c6997d721da
SHA256

bf8a8f298d83f87dd258a479bbb7bd742d20f32504c392c00d6c8255e005b7ab
SHA512

f754ad580826449c58f357c1592c2a5e9d98e322daa1436aee6d9847191ea585dbbf484c59ace417c08b5651aa36cd92afcc49194f9b29f73a849c9a5adc05dd
SSDEEP

12288:1wCBtLC+EptUpQ9SeSChq3YvxFBSSRMT8PTp4ihozEc888888888888W8888888J:ZNzCtUpQ9WWPBSSRMTEpXNu

Score

10^/10

renamer discovery worm

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

bf8a8f298d83f87dd258a479bbb7bd742d20f32504c392c00d6c8255e005b7abN.exe

Resource

win7-20240708-en

renamer discovery worm

windows7-x64

10 signatures

120 seconds

Behavioral task

behavioral2

Sample

bf8a8f298d83f87dd258a479bbb7bd742d20f32504c392c00d6c8255e005b7abN.exe

Resource

win10v2004-20241007-en

renamer discovery worm

windows10-2004-x64

9 signatures

120 seconds

Malware Config

Targets

- Target
  
  bf8a8f298d83f87dd258a479bbb7bd742d20f32504c392c00d6c8255e005b7abN.exe
- Size
  
  824KB
- MD5
  
  50d5a074897519ee758995bc4fdaeed0
- SHA1
  
  aab1c2b3cb16a244f037bc6eb2131c6997d721da
- SHA256
  
  bf8a8f298d83f87dd258a479bbb7bd742d20f32504c392c00d6c8255e005b7ab
- SHA512
  
  f754ad580826449c58f357c1592c2a5e9d98e322daa1436aee6d9847191ea585dbbf484c59ace417c08b5651aa36cd92afcc49194f9b29f73a849c9a5adc05dd
- SSDEEP
  
  12288:1wCBtLC+EptUpQ9SeSChq3YvxFBSSRMT8PTp4ihozEc888888888888W8888888J:ZNzCtUpQ9WWPBSSRMTEpXNu
Score

10^/10

renamer discovery worm
- Detects Renamer worm.
  Renamer aka Grename is worm written in Delphi.
- Renamer family
  renamer
- Renamer, Grenam
  Renamer aka Grenam is a worm written in Delphi.
  worm renamer
- Drops startup file
- Loads dropped DLL
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

renamerdiscoveryworm

behavioral2

renamerdiscoveryworm

© 2018-2024

Terms | Privacy