General

Target: Kylepono.exe
Size: 3MB
Sample: 210802-w5yc3bv79x
Score: 10/10
MD5: cd2eb880ecbad847cb6205a42708e5e4
SHA1: aadaba5e4d887136cbcb3df0a4dc0eb94f391585
SHA256: 001405ded84e227092bafe165117888d423719d7d75554025ec410d1d6558925
SHA512: b0591d6e4181275001fdefb70e04bdeb1b241dc696a887f36375826904bc164714bfe5d0b86e39952f877309571b9a0212ca5e5f122c6393cb17a797b0c2f8b2

Malware Config

Extracted

Family: rustybuer
C2: https://vesupyny.com/

Targets

Target: Kylepono.exe
MD5: cd2eb880ecbad847cb6205a42708e5e4
Filesize: 3MB
Score: 10/10
SHA1: aadaba5e4d887136cbcb3df0a4dc0eb94f391585
SHA256: 001405ded84e227092bafe165117888d423719d7d75554025ec410d1d6558925
SHA512: b0591d6e4181275001fdefb70e04bdeb1b241dc696a887f36375826904bc164714bfe5d0b86e39952f877309571b9a0212ca5e5f122c6393cb17a797b0c2f8b2

Signatures

  • RustyBuer

    Description

    RustyBuer is a new variant of the Buer loader written in Rust.

  • Enumerates connected drives

    Description

    Attempts to read the root path of hard drives other than the default C: drive.

    TTPs

    Query Registry, Peripheral Device Discovery, System Information Discovery

  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

static1: Score N/A
behavioral1: Score 10/10
behavioral2: Score 10/10