rustybuer | 001405ded84e227092bafe165117888d423719d7d75554025ec410d1d6558925 | Triage

Sharing

General

Target

mal.exe
Size

3.2MB
Sample

231012-v9956sha28
MD5

cd2eb880ecbad847cb6205a42708e5e4
SHA1

aadaba5e4d887136cbcb3df0a4dc0eb94f391585
SHA256

001405ded84e227092bafe165117888d423719d7d75554025ec410d1d6558925
SHA512

b0591d6e4181275001fdefb70e04bdeb1b241dc696a887f36375826904bc164714bfe5d0b86e39952f877309571b9a0212ca5e5f122c6393cb17a797b0c2f8b2
SSDEEP

49152:Ww/9l48pPUbkSv5TCcLhAKFEl3In1bnkpisogrpu4r+3qwsi:WcfUbZGcLMIn1Lkp3lrpuh8i

Score

10^/10

rustybuer loader

Malware Config

Extracted

Family

rustybuer

C2

https://vesupyny.com/

Targets

- Target
  
  mal.exe
- Size
  
  3.2MB
- MD5
  
  cd2eb880ecbad847cb6205a42708e5e4
- SHA1
  
  aadaba5e4d887136cbcb3df0a4dc0eb94f391585
- SHA256
  
  001405ded84e227092bafe165117888d423719d7d75554025ec410d1d6558925
- SHA512
  
  b0591d6e4181275001fdefb70e04bdeb1b241dc696a887f36375826904bc164714bfe5d0b86e39952f877309571b9a0212ca5e5f122c6393cb17a797b0c2f8b2
- SSDEEP
  
  49152:Ww/9l48pPUbkSv5TCcLhAKFEl3In1bnkpisogrpu4r+3qwsi:WcfUbZGcLMIn1Lkp3lrpuh8i
Score

10^/10

rustybuer loader
- RustyBuer
  RustyBuer is a new variant of Buer loader written in Rust.
  loader rustybuer
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

rustybuerloader

behavioral2

rustybuerloader