rustybuer | 001405ded84e227092bafe165117888d423719d7d75554025ec410d1d6558925 | Triage

Sharing

General

Target

Kylepono.exe
Size

3.2MB
Sample

210802-w5yc3bv79x
MD5

cd2eb880ecbad847cb6205a42708e5e4
SHA1

aadaba5e4d887136cbcb3df0a4dc0eb94f391585
SHA256

001405ded84e227092bafe165117888d423719d7d75554025ec410d1d6558925
SHA512

b0591d6e4181275001fdefb70e04bdeb1b241dc696a887f36375826904bc164714bfe5d0b86e39952f877309571b9a0212ca5e5f122c6393cb17a797b0c2f8b2

Score

10^/10

rustybuer loader

Malware Config

Extracted

Family

rustybuer

C2

https://vesupyny.com/

Targets

- Target
  
  Kylepono.exe
- Size
  
  3.2MB
- MD5
  
  cd2eb880ecbad847cb6205a42708e5e4
- SHA1
  
  aadaba5e4d887136cbcb3df0a4dc0eb94f391585
- SHA256
  
  001405ded84e227092bafe165117888d423719d7d75554025ec410d1d6558925
- SHA512
  
  b0591d6e4181275001fdefb70e04bdeb1b241dc696a887f36375826904bc164714bfe5d0b86e39952f877309571b9a0212ca5e5f122c6393cb17a797b0c2f8b2
Score

10^/10

rustybuer loader
- RustyBuer
  RustyBuer is a new variant of Buer loader written in Rust.
  loader rustybuer
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

rustybuerloader

behavioral2

rustybuerloader