General
Target

mudminnows

Size

3MB

Sample

210803-vtn7npwxx2

Score
10/10
MD5

106b947aa2e8101bff6e3ff0f82bfe95

SHA1

78a381408947f252bcbe170a4223c8a5a64fc11f

SHA256

88689636f4b2287701b63f42c12e7e2387bf4c3ecc45eeb8a61ea707126bad9b

SHA512

da8e58f307b7dfba78a96e1af5a4c9df79040f7d5a1181a08926bd32ff6d782375636882703d4eb6d194876c9aafd8394cde129ba401d66c5079393d84433693

Malware Config

Extracted

Family

rustybuer

C2

https://cerionetya.com/

Targets
Target

mudminnows (same sample, size and hashes as listed under General above)

Tags

Signatures

  • RustyBuer

    Description

    RustyBuer is a new variant of Buer loader written in Rust.

    Tags

  • Enumerates connected drives

    Description

    Attempts to read the root path of hard drives other than the default C: drive.

    TTPs

    Query Registry, Peripheral Device Discovery, System Information Discovery

  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix

Collection | Command and Control | Credential Access | Defense Evasion | Execution | Exfiltration | Impact | Initial Access | Lateral Movement | Persistence | Privilege Escalation

Tasks

  • static1: Score N/A
  • behavioral1: Score 10/10
  • behavioral2: Score 10/10