General

  • Target

    532e97e0ff4498854440784c6e7bcb8ed84ca654fb4acf893e8255b8a8c37911

  • Size

    1.4MB

  • Sample

    230626-ds1rqsga56

  • MD5

    59afa5bc60bf7b9adb7dd4a0df84c0d9

  • SHA1

    e3aa21d37156ea87d87ccbd011cf84896621b572

  • SHA256

    532e97e0ff4498854440784c6e7bcb8ed84ca654fb4acf893e8255b8a8c37911

  • SHA512

    4453e05b34f44f2ed9af0a51dfae9e08669812e47cc32699285c617981b1f106d617db308aff60b4da109eb1c35639a89e3e3b4d5d66d568106a5f529639bc98

  • SSDEEP

    24576:T4pCbcwQbbC+/bb2GRrILR4IKz/L5uqju6u/kKxmgMfBvOoUSd3GdrwSRHIp:UpAnhalMRLKLhjtu/3xm3GzSdWdVHG

Score
10/10

Malware Config

Extracted

Family

rustybuer

C2

https://serevalutinoffice.com/

Targets

    • Target

      532e97e0ff4498854440784c6e7bcb8ed84ca654fb4acf893e8255b8a8c37911

    • Size

      1.4MB

    • MD5

      59afa5bc60bf7b9adb7dd4a0df84c0d9

    • SHA1

      e3aa21d37156ea87d87ccbd011cf84896621b572

    • SHA256

      532e97e0ff4498854440784c6e7bcb8ed84ca654fb4acf893e8255b8a8c37911

    • SHA512

      4453e05b34f44f2ed9af0a51dfae9e08669812e47cc32699285c617981b1f106d617db308aff60b4da109eb1c35639a89e3e3b4d5d66d568106a5f529639bc98

    • SSDEEP

      24576:T4pCbcwQbbC+/bb2GRrILR4IKz/L5uqju6u/kKxmgMfBvOoUSd3GdrwSRHIp:UpAnhalMRLKLhjtu/3xm3GzSdWdVHG

    Score
    10/10
    • RustyBuer

      RustyBuer is a new variant of Buer loader written in Rust.

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks