Extracted

• • Target

    26944aed6dfc2c25f96bbca49925fcaf

  • Size

    3.9MB

  • MD5

    26944aed6dfc2c25f96bbca49925fcaf

  • SHA1

    b2b7a7a659abf7fd2c5596c119478363e0b7f360

  • SHA256

    64dd547546394e1d431a25a671892c7aca9cf57ed0733a7435028792ad42f4a7

  • SHA512

    ea0a599107acfbca4cc20987d003bd27a3168adea1df56378d4b6a934d1429d543bec91a7216c485ec0167b1d34ed510299e030944c4b8f6c3922b4699a4eabf

  Score

  10^/10

  rustybuerloaderpersistence

  • Modifies system executable filetype association

    persistence

  • Registers COM server for autorun

    persistence

  • RustyBuer

    RustyBuer is a new variant of Buer loader written in Rust.

    loaderrustybuer

  • Suspicious use of NtCreateUserProcessOtherParentProcess

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  behavioral1behavioral2behavioral3behavioral4