General
-
Target
invoice_document.docm
-
Size
3.3MB
-
Sample
210401-qgmk2nzlx2
-
MD5
b0527860dce067ded04f8ed8cf99b7c1
-
SHA1
4827966bf79e78991d8c1d94a1a2ff1d71ab371a
-
SHA256
7bc840f3e200c5c877b411614a96a364f5402060db380a7691aeaabff18b602c
-
SHA512
3a506e49670bfeebdd1154130063f091e4c48b365986042a43cba3aeddb180ae4df709012b935b9ee1d6de2f65887b5637f87e8a29e8461abf48242100c8134b
Malware Config
Extracted
rustybuer
https://orderverification-api.com/
Targets
-
-
Target
invoice_document.docm
-
Size
3.3MB
-
MD5
b0527860dce067ded04f8ed8cf99b7c1
-
SHA1
4827966bf79e78991d8c1d94a1a2ff1d71ab371a
-
SHA256
7bc840f3e200c5c877b411614a96a364f5402060db380a7691aeaabff18b602c
-
SHA512
3a506e49670bfeebdd1154130063f091e4c48b365986042a43cba3aeddb180ae4df709012b935b9ee1d6de2f65887b5637f87e8a29e8461abf48242100c8134b
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
RustyBuer
RustyBuer is a new variant of Buer loader written in Rust.
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of SetThreadContext
-