rustybuer | 532e97e0ff4498854440784c6e7bcb8ed84ca654fb4acf893e8255b8a8c37911 | Triage

Sharing

General

Target

532e97e0ff4498854440784c6e7bcb8ed84ca654fb4acf893e8255b8a8c37911
Size

1.4MB
Sample

230626-etc8hahc6v
MD5

59afa5bc60bf7b9adb7dd4a0df84c0d9
SHA1

e3aa21d37156ea87d87ccbd011cf84896621b572
SHA256

532e97e0ff4498854440784c6e7bcb8ed84ca654fb4acf893e8255b8a8c37911
SHA512

4453e05b34f44f2ed9af0a51dfae9e08669812e47cc32699285c617981b1f106d617db308aff60b4da109eb1c35639a89e3e3b4d5d66d568106a5f529639bc98
SSDEEP

24576:T4pCbcwQbbC+/bb2GRrILR4IKz/L5uqju6u/kKxmgMfBvOoUSd3GdrwSRHIp:UpAnhalMRLKLhjtu/3xm3GzSdWdVHG

Score

10^/10

rustybuer loader

Malware Config

Extracted

Family

rustybuer

C2

https://serevalutinoffice.com/

Targets

- Target
  
  532e97e0ff4498854440784c6e7bcb8ed84ca654fb4acf893e8255b8a8c37911
- Size
  
  1.4MB
- MD5
  
  59afa5bc60bf7b9adb7dd4a0df84c0d9
- SHA1
  
  e3aa21d37156ea87d87ccbd011cf84896621b572
- SHA256
  
  532e97e0ff4498854440784c6e7bcb8ed84ca654fb4acf893e8255b8a8c37911
- SHA512
  
  4453e05b34f44f2ed9af0a51dfae9e08669812e47cc32699285c617981b1f106d617db308aff60b4da109eb1c35639a89e3e3b4d5d66d568106a5f529639bc98
- SSDEEP
  
  24576:T4pCbcwQbbC+/bb2GRrILR4IKz/L5uqju6u/kKxmgMfBvOoUSd3GdrwSRHIp:UpAnhalMRLKLhjtu/3xm3GzSdWdVHG
Score

10^/10

rustybuer loader
- RustyBuer
  RustyBuer is a new variant of Buer loader written in Rust.
  loader rustybuer
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

rustybuerloader

behavioral2

rustybuerloader