Malware sandboxing report by Hatching Triage

Target

5648146386550784.zip

Size

12KB

Sample

210721-3e5c2m3cbe

Score

10^/10

MD5

95c18e5137da2da9c67249c155ab8358

SHA1

c52bb013b43821f714b55cafc4e94cb213c171ec

SHA256

c43a631eb31a304b75768afb7fddec73a61e3df1f476a616bd46184971c64989

SHA512

bcdbf888fa7472ecdcb11147683dd6c02784662b7393dc685d9f3ace36b7c0b79a1ecd97f7b0dbc7b3d799e16f5a56561900df33eedb839c7634ebb14769d0e6

Extracted

Family	rustybuer
C2	https://shipmentofficedepot.com/ https://shipmentofficedepot.com/

Target

6f9d943f88f715ff8a122d7b88af986c1a9f38f4484e48cde768cf22a5935efe

MD5

390a4902b4759094424ae7317d90f921

Filesize

29KB

Score

10^/10

SHA1

eda0909abe6fe5ca4564d913a8c6835d87d81255

SHA256

6f9d943f88f715ff8a122d7b88af986c1a9f38f4484e48cde768cf22a5935efe

SHA512

e3ecab7024923a3bec8910652657c73e11047f1b2522bd043d061a5be2e2f80a6ad62d65596652065ec5f8b3c48a0389af47415edc42cab225295dc953cf51c2

Signatures

RustyBuer
Description

RustyBuer is a new variant of Buer loader written in Rust.
Tags

loader rustybuer
Blocklisted process makes network request
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Enumerates connected drives
Description

Attempts to read the root path of hard drives other than the default C: drive.
TTPs

Query RegistryPeripheral Device DiscoverySystem Information Discovery

Related Tasks

behavioral1 behavioral2

Collection

Command and Control

Credential Access

Defense Evasion

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

static1

Score

N/A

behavioral1

rustybuer loader

Score

10^/10

behavioral2

rustybuer loader

Score

10^/10

Extracted

Tags

Signatures

RustyBuer

Description

Tags

Blocklisted process makes network request

Downloads MZ/PE file

Executes dropped EXE

Loads dropped DLL

Enumerates connected drives

Description

TTPs

Related Tasks

static1

behavioral1

behavioral2