General
-
Target
JaffaCakes118_fea0bff375bbacbe7cc2b67a4b440cd2
-
Size
816KB
-
Sample
250216-ctsl3sxkbm
-
MD5
fea0bff375bbacbe7cc2b67a4b440cd2
-
SHA1
b25431870a8367f944ff8d1c7066ad19791d902a
-
SHA256
4a29990a48d2beb589a4208f28f101ed8653d91fde8d0a708171da9c62b0bf79
-
SHA512
83822b8ac066c54810a5b6a428ae47d19de293bbc4a3147b473887d82963ca77573806eddb27470b5da881cf52a7cdf23dbf39772fec79f83fe3ccbc35fc704f
-
SSDEEP
12288:gqkAx8i7pC8PapFTUt6xIuFrb9OKcEKfBKSNqvnSNgFCV4tuRJ888888888888WX:N8i7pjPapFTUt6xIyHGBKSNqvn5m4tki
Malware Config
Targets
-
-
Target
JaffaCakes118_fea0bff375bbacbe7cc2b67a4b440cd2
-
Size
816KB
-
MD5
fea0bff375bbacbe7cc2b67a4b440cd2
-
SHA1
b25431870a8367f944ff8d1c7066ad19791d902a
-
SHA256
4a29990a48d2beb589a4208f28f101ed8653d91fde8d0a708171da9c62b0bf79
-
SHA512
83822b8ac066c54810a5b6a428ae47d19de293bbc4a3147b473887d82963ca77573806eddb27470b5da881cf52a7cdf23dbf39772fec79f83fe3ccbc35fc704f
-
SSDEEP
12288:gqkAx8i7pC8PapFTUt6xIuFrb9OKcEKfBKSNqvnSNgFCV4tuRJ888888888888WX:N8i7pjPapFTUt6xIyHGBKSNqvn5m4tki
Score10/10-
Detects Renamer worm.
Renamer aka Grename is worm written in Delphi.
-
Renamer family
-
Renamer, Grenam
Renamer aka Grenam is a worm written in Delphi.
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1