General

  • Target

    5648146386550784.zip

  • Size

    12KB

  • Sample

    210721-3e5c2m3cbe

  • MD5

    95c18e5137da2da9c67249c155ab8358

  • SHA1

    c52bb013b43821f714b55cafc4e94cb213c171ec

  • SHA256

    c43a631eb31a304b75768afb7fddec73a61e3df1f476a616bd46184971c64989

  • SHA512

    bcdbf888fa7472ecdcb11147683dd6c02784662b7393dc685d9f3ace36b7c0b79a1ecd97f7b0dbc7b3d799e16f5a56561900df33eedb839c7634ebb14769d0e6

Score
10/10

Malware Config

Extracted

Family

rustybuer

C2

https://shipmentofficedepot.com/

Targets

    • Target

      6f9d943f88f715ff8a122d7b88af986c1a9f38f4484e48cde768cf22a5935efe

    • Size

      29KB

    • MD5

      390a4902b4759094424ae7317d90f921

    • SHA1

      eda0909abe6fe5ca4564d913a8c6835d87d81255

    • SHA256

      6f9d943f88f715ff8a122d7b88af986c1a9f38f4484e48cde768cf22a5935efe

    • SHA512

      e3ecab7024923a3bec8910652657c73e11047f1b2522bd043d061a5be2e2f80a6ad62d65596652065ec5f8b3c48a0389af47415edc42cab225295dc953cf51c2

    Score
    10/10

    • RustyBuer

      RustyBuer is a new variant of the Buer loader, written in Rust.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • Query Registry (T1012): 1

  • Peripheral Device Discovery (T1120): 1

  • System Information Discovery (T1082): 1

Tasks