General

  • Target

    hypovitaminosis.db

  • Size

    3.9MB

  • Sample

    210820-69tdczw1de

  • MD5

    26944aed6dfc2c25f96bbca49925fcaf

  • SHA1

    b2b7a7a659abf7fd2c5596c119478363e0b7f360

  • SHA256

    64dd547546394e1d431a25a671892c7aca9cf57ed0733a7435028792ad42f4a7

  • SHA512

    ea0a599107acfbca4cc20987d003bd27a3168adea1df56378d4b6a934d1429d543bec91a7216c485ec0167b1d34ed510299e030944c4b8f6c3922b4699a4eabf

Score
10/10

Malware Config

Extracted

Family

rustybuer

C2

https://awmelisers.com/

Targets

    • Target

      hypovitaminosis.db

    • Size

      3.9MB

    • MD5

      26944aed6dfc2c25f96bbca49925fcaf

    • SHA1

      b2b7a7a659abf7fd2c5596c119478363e0b7f360

    • SHA256

      64dd547546394e1d431a25a671892c7aca9cf57ed0733a7435028792ad42f4a7

    • SHA512

      ea0a599107acfbca4cc20987d003bd27a3168adea1df56378d4b6a934d1429d543bec91a7216c485ec0167b1d34ed510299e030944c4b8f6c3922b4699a4eabf

    Score
    10/10
    • RustyBuer

      RustyBuer is a new variant of Buer loader written in Rust.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks