General
Target

5648146386550784.zip

Size

12KB

Sample

210721-3e5c2m3cbe

Score
10/10
MD5

95c18e5137da2da9c67249c155ab8358

SHA1

c52bb013b43821f714b55cafc4e94cb213c171ec

SHA256

c43a631eb31a304b75768afb7fddec73a61e3df1f476a616bd46184971c64989

SHA512

bcdbf888fa7472ecdcb11147683dd6c02784662b7393dc685d9f3ace36b7c0b79a1ecd97f7b0dbc7b3d799e16f5a56561900df33eedb839c7634ebb14769d0e6

Malware Config

Extracted

Family

rustybuer

C2

https://shipmentofficedepot.com/

Targets
Target

6f9d943f88f715ff8a122d7b88af986c1a9f38f4484e48cde768cf22a5935efe

MD5

390a4902b4759094424ae7317d90f921

Filesize

29KB

Score
10/10
SHA1

eda0909abe6fe5ca4564d913a8c6835d87d81255

SHA256

6f9d943f88f715ff8a122d7b88af986c1a9f38f4484e48cde768cf22a5935efe

SHA512

e3ecab7024923a3bec8910652657c73e11047f1b2522bd043d061a5be2e2f80a6ad62d65596652065ec5f8b3c48a0389af47415edc42cab225295dc953cf51c2

Tags

Signatures

  • RustyBuer

    Description

    RustyBuer is a new variant of Buer loader written in Rust.

    Tags

  • Blocklisted process makes network request

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Loads dropped DLL

  • Enumerates connected drives

    Description

    Attempts to read the root path of hard drives other than the default C: drive.

    TTPs

    Query Registry
    Peripheral Device Discovery
    System Information Discovery

Related Tasks

MITRE ATT&CK Matrix

Collection
Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation

Tasks

static1

Score
N/A

behavioral1

Score
10/10

behavioral2

Score
10/10