Overview

overview

10

Static

static

10

JaffaCakes...78.exe

windows7-x64

10

JaffaCakes...78.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_18cf1176954d84f195905e7a986ac878

  • Size

    816KB

  • Sample

    250222-ll13xssrhx

  • MD5

    18cf1176954d84f195905e7a986ac878

  • SHA1

    e29c63880c8dcc69b4fe8abcf1f6e66871ced687

  • SHA256

    0110f0b0df8e6c5e3bb6faebef1e885d77fc6be33759764152a6da1d865e0ad2

  • SHA512

    b255fe534edc55fec197514f7b15354db6a7f36a6894aa6266a976ff38204fc13870542f38b278ce7a3f6392537118bcddfa79685b21248994b57aeda764e608

  • SSDEEP

    12288:gqkAx8i7pC8PapFTUt6xIuFrb9OKcEKfBKSNqvnSNgFCV4tuRi888888888888WX:N8i7pjPapFTUt6xIyHGBKSNqvn5m4tkz

Score
10/10
renamerdiscoverypersistenceworm

Malware Config

Targets

    • Target

      JaffaCakes118_18cf1176954d84f195905e7a986ac878

    • Size

      816KB

    • MD5

      18cf1176954d84f195905e7a986ac878

    • SHA1

      e29c63880c8dcc69b4fe8abcf1f6e66871ced687

    • SHA256

      0110f0b0df8e6c5e3bb6faebef1e885d77fc6be33759764152a6da1d865e0ad2

    • SHA512

      b255fe534edc55fec197514f7b15354db6a7f36a6894aa6266a976ff38204fc13870542f38b278ce7a3f6392537118bcddfa79685b21248994b57aeda764e608

    • SSDEEP

      12288:gqkAx8i7pC8PapFTUt6xIuFrb9OKcEKfBKSNqvnSNgFCV4tuRi888888888888WX:N8i7pjPapFTUt6xIyHGBKSNqvn5m4tkz

    Score
    10/10
    renamerdiscoverypersistenceworm

    • Detects Renamer worm.

      Renamer aka Grename is worm written in Delphi.

    • Renamer family

      renamer

    • Renamer, Grenam

      Renamer aka Grenam is a worm written in Delphi.

      wormrenamer

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks