renamer | 3000c48be3def0f02a4b2a4cf7fc60d1b95aa3aed7a61c12afde11b5355ade01 | Triage

Submit
Reports

Overview

overview

Static

static

3000c48be3...01.exe

windows7-x64

3000c48be3...01.exe

windows10-2004-x64

Sharing

General

Target

3000c48be3def0f02a4b2a4cf7fc60d1b95aa3aed7a61c12afde11b5355ade01.exe
Size

824KB
Sample

250323-bkrsravxhs
MD5

472ed7c2332bd0b9b80013f129c8019a
SHA1

269e6697c3fc4098dcf0ab04f7cfc49c7ad9691e
SHA256

3000c48be3def0f02a4b2a4cf7fc60d1b95aa3aed7a61c12afde11b5355ade01
SHA512

b55ce5e759a339ae8f102f7bc49b2e1e1e03ea90e117173f62ee57e0cccad1399f5dc506f1492a1daa7660ed8b3430320a90de88b42bee30b0c9e4d22a6df125
SSDEEP

12288:XwCBtLC+EptUpQ9SeSChq3YvxFBSSRMT8PTp4ihozE2888888888888W8888888L:DNzCtUpQ9WWPBSSRMTEpXN8

Score

10^/10

renamer discovery worm

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

3000c48be3def0f02a4b2a4cf7fc60d1b95aa3aed7a61c12afde11b5355ade01.exe

Resource

win7-20241023-en

renamer discovery worm

windows7-x64

10 signatures

120 seconds

Behavioral task

behavioral2

Sample

3000c48be3def0f02a4b2a4cf7fc60d1b95aa3aed7a61c12afde11b5355ade01.exe

Resource

win10v2004-20250314-en

renamer discovery worm

windows10-2004-x64

9 signatures

120 seconds

Malware Config

Targets

- Target
  
  3000c48be3def0f02a4b2a4cf7fc60d1b95aa3aed7a61c12afde11b5355ade01.exe
- Size
  
  824KB
- MD5
  
  472ed7c2332bd0b9b80013f129c8019a
- SHA1
  
  269e6697c3fc4098dcf0ab04f7cfc49c7ad9691e
- SHA256
  
  3000c48be3def0f02a4b2a4cf7fc60d1b95aa3aed7a61c12afde11b5355ade01
- SHA512
  
  b55ce5e759a339ae8f102f7bc49b2e1e1e03ea90e117173f62ee57e0cccad1399f5dc506f1492a1daa7660ed8b3430320a90de88b42bee30b0c9e4d22a6df125
- SSDEEP
  
  12288:XwCBtLC+EptUpQ9SeSChq3YvxFBSSRMT8PTp4ihozE2888888888888W8888888L:DNzCtUpQ9WWPBSSRMTEpXN8
Score

10^/10

renamer discovery worm
- Detects Renamer worm.
  Renamer aka Grename is worm written in Delphi.
- Renamer family
  renamer
- Renamer, Grenam
  Renamer aka Grenam is a worm written in Delphi.
  worm renamer
- Drops startup file
- Loads dropped DLL
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

renamerdiscoveryworm

behavioral2

renamerdiscoveryworm

© 2018-2025

Terms | Privacy