Overview

overview

10

Static

static

mudminnows.exe

windows7_x64

10

mudminnows.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    mudminnows

  • Size

    3.2MB

  • Sample

    210803-vtn7npwxx2

  • MD5

    106b947aa2e8101bff6e3ff0f82bfe95

  • SHA1

    78a381408947f252bcbe170a4223c8a5a64fc11f

  • SHA256

    88689636f4b2287701b63f42c12e7e2387bf4c3ecc45eeb8a61ea707126bad9b

  • SHA512

    da8e58f307b7dfba78a96e1af5a4c9df79040f7d5a1181a08926bd32ff6d782375636882703d4eb6d194876c9aafd8394cde129ba401d66c5079393d84433693

Score
10/10
rustybuerloader

Malware Config

Extracted

Family

rustybuer

C2

https://cerionetya.com/

Targets

    • Target

      mudminnows

    • Size

      3.2MB

    • MD5

      106b947aa2e8101bff6e3ff0f82bfe95

    • SHA1

      78a381408947f252bcbe170a4223c8a5a64fc11f

    • SHA256

      88689636f4b2287701b63f42c12e7e2387bf4c3ecc45eeb8a61ea707126bad9b

    • SHA512

      da8e58f307b7dfba78a96e1af5a4c9df79040f7d5a1181a08926bd32ff6d782375636882703d4eb6d194876c9aafd8394cde129ba401d66c5079393d84433693

    Score
    10/10
    rustybuerloader

    • RustyBuer

      RustyBuer is a new variant of Buer loader written in Rust.

      loaderrustybuer

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks