Overview

overview

10

Static

static

10

JaffaCakes...3c.exe

windows7-x64

10

JaffaCakes...3c.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_03115687996615c93c08ef57b7c4b93c

  • Size

    816KB

  • Sample

    250219-dh42eavrar

  • MD5

    03115687996615c93c08ef57b7c4b93c

  • SHA1

    8df3d67b28cfaf9be84763091465c52efc06bd72

  • SHA256

    448842a1cbe5ddc98ef7c24dfec4e8376962f6f4ce559d5fecc06cc1bda37769

  • SHA512

    5fb1fb325258f3373f67a173088d4ab416d0c2d158007326538f7e3867e337380bb423b1d9a9cca3ec48c701da8f1ba2afa123a846b3a62e0e277bf22411c6a2

  • SSDEEP

    12288:gqkAx8i7pC8PapFTUt6xIuFrb9OKcEKfBKSNqvnSNgFCV4tuR0888888888888WX:N8i7pjPapFTUt6xIyHGBKSNqvn5m4tkZ

Score
10/10
renamerdiscoverypersistenceworm

Malware Config

Targets

    • Target

      JaffaCakes118_03115687996615c93c08ef57b7c4b93c

    • Size

      816KB

    • MD5

      03115687996615c93c08ef57b7c4b93c

    • SHA1

      8df3d67b28cfaf9be84763091465c52efc06bd72

    • SHA256

      448842a1cbe5ddc98ef7c24dfec4e8376962f6f4ce559d5fecc06cc1bda37769

    • SHA512

      5fb1fb325258f3373f67a173088d4ab416d0c2d158007326538f7e3867e337380bb423b1d9a9cca3ec48c701da8f1ba2afa123a846b3a62e0e277bf22411c6a2

    • SSDEEP

      12288:gqkAx8i7pC8PapFTUt6xIuFrb9OKcEKfBKSNqvnSNgFCV4tuR0888888888888WX:N8i7pjPapFTUt6xIyHGBKSNqvn5m4tkZ

    Score
    10/10
    renamerdiscoverypersistenceworm

    • Detects Renamer worm.

      Renamer aka Grename is worm written in Delphi.

    • Renamer family

      renamer

    • Renamer, Grenam

      Renamer aka Grenam is a worm written in Delphi.

      wormrenamer

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks