Overview

overview

10

Static

static

hypovitami...db.exe

windows7_x64

10

hypovitami...db.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    hypovitaminosis.db

  • Size

    3.9MB

  • Sample

    210820-69tdczw1de

  • MD5

    26944aed6dfc2c25f96bbca49925fcaf

  • SHA1

    b2b7a7a659abf7fd2c5596c119478363e0b7f360

  • SHA256

    64dd547546394e1d431a25a671892c7aca9cf57ed0733a7435028792ad42f4a7

  • SHA512

    ea0a599107acfbca4cc20987d003bd27a3168adea1df56378d4b6a934d1429d543bec91a7216c485ec0167b1d34ed510299e030944c4b8f6c3922b4699a4eabf

Score
10/10
rustybuerloader

Malware Config

Extracted

Family

rustybuer

C2

https://awmelisers.com/

Targets

    • Target

      hypovitaminosis.db

    • Size

      3.9MB

    • MD5

      26944aed6dfc2c25f96bbca49925fcaf

    • SHA1

      b2b7a7a659abf7fd2c5596c119478363e0b7f360

    • SHA256

      64dd547546394e1d431a25a671892c7aca9cf57ed0733a7435028792ad42f4a7

    • SHA512

      ea0a599107acfbca4cc20987d003bd27a3168adea1df56378d4b6a934d1429d543bec91a7216c485ec0167b1d34ed510299e030944c4b8f6c3922b4699a4eabf

    Score
    10/10
    rustybuerloader

    • RustyBuer

      RustyBuer is a new variant of Buer loader written in Rust.

      loaderrustybuer

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks