Overview

overview

10

Static

static

10

JaffaCakes...68.exe

windows7-x64

10

JaffaCakes...68.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_5bd0036c0e8d920bca978a8e19499b68

  • Size

    816KB

  • Sample

    250129-1yg8xazjfr

  • MD5

    5bd0036c0e8d920bca978a8e19499b68

  • SHA1

    e84285bd96d189b7756864b823e70a1af14d8497

  • SHA256

    3879a02f08c42046a64d87fd4d499cae0f4e04471520e97eee6666fa0785d4db

  • SHA512

    6f347f23cabaeb37b7275421bbc7777bb1076e57a3350e9848faf54e27b936aaf1f573717835edb2524090786cb512ca421d3ad341388dd60f35b2f1211eae73

  • SSDEEP

    12288:gqkAx8i7pC8PapFTUt6xIuFrb9OKcEKfBKSNqvnSNgFCV4tuRM888888888888WX:N8i7pjPapFTUt6xIyHGBKSNqvn5m4tkx

Score
10/10
renamerdiscoverypersistenceworm

Malware Config

Targets

    • Target

      JaffaCakes118_5bd0036c0e8d920bca978a8e19499b68

    • Size

      816KB

    • MD5

      5bd0036c0e8d920bca978a8e19499b68

    • SHA1

      e84285bd96d189b7756864b823e70a1af14d8497

    • SHA256

      3879a02f08c42046a64d87fd4d499cae0f4e04471520e97eee6666fa0785d4db

    • SHA512

      6f347f23cabaeb37b7275421bbc7777bb1076e57a3350e9848faf54e27b936aaf1f573717835edb2524090786cb512ca421d3ad341388dd60f35b2f1211eae73

    • SSDEEP

      12288:gqkAx8i7pC8PapFTUt6xIuFrb9OKcEKfBKSNqvnSNgFCV4tuRM888888888888WX:N8i7pjPapFTUt6xIyHGBKSNqvn5m4tkx

    Score
    10/10
    renamerdiscoverypersistenceworm

    • Detects Renamer worm.

      Renamer aka Grename is worm written in Delphi.

    • Renamer family

      renamer

    • Renamer, Grenam

      Renamer aka Grenam is a worm written in Delphi.

      wormrenamer

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks