Overview

overview

10

Static

static

26944aed6d...af.exe

windows7_x64

10

26944aed6d...af.exe

windows7_x64

10

26944aed6d...af.exe

windows10_x64

10

26944aed6d...af.exe

windows10_x64

10

Analysis

  • max time kernel
    140s
  • max time network
    141s
  • platform
    windows7_x64
  • resource
    win7-en
  • submitted
    10/09/2021, 02:02 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    26944aed6dfc2c25f96bbca49925fcaf.exe

  • Size

    3.9MB

  • MD5

    26944aed6dfc2c25f96bbca49925fcaf

  • SHA1

    b2b7a7a659abf7fd2c5596c119478363e0b7f360

  • SHA256

    64dd547546394e1d431a25a671892c7aca9cf57ed0733a7435028792ad42f4a7

  • SHA512

    ea0a599107acfbca4cc20987d003bd27a3168adea1df56378d4b6a934d1429d543bec91a7216c485ec0167b1d34ed510299e030944c4b8f6c3922b4699a4eabf

Score
10/10
rustybuerloader

Malware Config

Extracted

Family

rustybuer

C2

https://awmelisers.com/

Signatures

  • RustyBuer

    RustyBuer is a new variant of Buer loader written in Rust.

    loaderrustybuer
  • Enumerates connected drives 3 TTPs 49 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\26944aed6dfc2c25f96bbca49925fcaf.exe
    "C:\Users\Admin\AppData\Local\Temp\26944aed6dfc2c25f96bbca49925fcaf.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:736
    • C:\Windows\SysWOW64\secinit.exe
      "C:\Windows\System32\secinit.exe"
      2⤵
      • Enumerates connected drives
      • Suspicious behavior: EnumeratesProcesses
      PID:1524

Network

  • flag-us
    DNS
    awmelisers.com
    secinit.exe
    Remote address:
    8.8.8.8:53
    Request
    awmelisers.com
    IN A
    Response
    awmelisers.com
    IN A
    206.81.23.172
  • 206.81.23.172:443
    awmelisers.com
    secinit.exe
    152 B
     3
  • 8.8.8.8:53
    awmelisers.com
    dns
    secinit.exe
    60 B
     76 B
     1
    1

    DNS Request

    awmelisers.com

    DNS Response

    206.81.23.172

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/736-55-0x0000000000020000-0x0000000000021000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1524-53-0x0000000000400000-0x0000000000535000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/1524-56-0x0000000000400000-0x0000000000535000-memory.dmp

    Filesize

    1.2MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.