rustybuer | c43a631eb31a304b75768afb7fddec73a61e3df1f476a616bd46184971c64989 | Triage

Sharing

General

Target

5648146386550784.zip
Size

12KB
Sample

210721-3e5c2m3cbe
MD5

95c18e5137da2da9c67249c155ab8358
SHA1

c52bb013b43821f714b55cafc4e94cb213c171ec
SHA256

c43a631eb31a304b75768afb7fddec73a61e3df1f476a616bd46184971c64989
SHA512

bcdbf888fa7472ecdcb11147683dd6c02784662b7393dc685d9f3ace36b7c0b79a1ecd97f7b0dbc7b3d799e16f5a56561900df33eedb839c7634ebb14769d0e6

Score

10^/10

rustybuer loader

Malware Config

Extracted

Family

rustybuer

C2

https://shipmentofficedepot.com/

Targets

- Target
  
  6f9d943f88f715ff8a122d7b88af986c1a9f38f4484e48cde768cf22a5935efe
- Size
  
  29KB
- MD5
  
  390a4902b4759094424ae7317d90f921
- SHA1
  
  eda0909abe6fe5ca4564d913a8c6835d87d81255
- SHA256
  
  6f9d943f88f715ff8a122d7b88af986c1a9f38f4484e48cde768cf22a5935efe
- SHA512
  
  e3ecab7024923a3bec8910652657c73e11047f1b2522bd043d061a5be2e2f80a6ad62d65596652065ec5f8b3c48a0389af47415edc42cab225295dc953cf51c2
Score

10^/10

rustybuer loader
- RustyBuer
  RustyBuer is a new variant of Buer loader written in Rust.
  loader rustybuer
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

rustybuerloader

behavioral2

rustybuerloader