rustybuer | e0fb60da371912c158861c9660632d58e45cfcff12351cc9e03f497f319eb5de | Triage

Submit
Reports

Overview

overview

Static

static

1

WIN7(10)

windows7_x64

Resubmissions

10-04-2021 16:20

210410-3cqzjcbqw6 10

31-03-2021 11:29

210331-tzwgrtj9yx 7

Sharing

General

Target

Document_Opener.exe.14.dr
Size

1.4MB
Sample

210410-3cqzjcbqw6
MD5

4d182167da3f24bfb9e80469b0d7d62a
SHA1

1bb377017690bd7066bb98658a8bb90d91feeb93
SHA256

e0fb60da371912c158861c9660632d58e45cfcff12351cc9e03f497f319eb5de
SHA512

1ea73e9857320cf1571ffef0ec8ce042ff708c2ab8b8cde890f6afe3f82ac2e8106a2539d729f7e018ae0e82eb364eca3a0bea5f6acc919855574cbac2784302

Score

10^/10

rustybuer loader

Static task

static1

Behavioral task

behavioral1

Sample

Document_Opener.exe.14.dr.exe

Resource

win7v20201028

rustybuer loader

windows7_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

rustybuer

C2

https://gestahibanking.com/

Targets

- Target
  
  Document_Opener.exe.14.dr
- Size
  
  1.4MB
- MD5
  
  4d182167da3f24bfb9e80469b0d7d62a
- SHA1
  
  1bb377017690bd7066bb98658a8bb90d91feeb93
- SHA256
  
  e0fb60da371912c158861c9660632d58e45cfcff12351cc9e03f497f319eb5de
- SHA512
  
  1ea73e9857320cf1571ffef0ec8ce042ff708c2ab8b8cde890f6afe3f82ac2e8106a2539d729f7e018ae0e82eb364eca3a0bea5f6acc919855574cbac2784302
Score

10^/10

rustybuer loader
- RustyBuer
  RustyBuer is a new variant of Buer loader written in Rust.
  loader rustybuer
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

rustybuerloader

© 2018-2024

Terms | Privacy