rustybuer | d3a486d3b032834b1203adefd25d0bf0b36fae7f9e72071c21ccc266e1e1f893 | Triage

Sharing

General

Target

80d5a0defa331caea1ebe788bf1dc116
Size

4.1MB
Sample

231226-v411babeg6
MD5

80d5a0defa331caea1ebe788bf1dc116
SHA1

471408a3a30f345e70e40ec306e99bf514b30726
SHA256

d3a486d3b032834b1203adefd25d0bf0b36fae7f9e72071c21ccc266e1e1f893
SHA512

82f3cf4cde2f2d96673f1de63216a369520493889329d38b2a688f89446a0350fbc200a83c172deefdaa20f9f44bc388762484718dfb50212ba825bd5c3227dd
SSDEEP

49152:qdVNhdTN5cWr9GnzpMZ/eKL4cJtkNu/ugum94gDxNLtdHvhkIpxVVEZGZapnhlkD:qdVNxkKeW424u/ug9DVSdlYg7mrPiVo

Score

10^/10

rustybuer loader

Malware Config

Extracted

Family

rustybuer

C2

https://karbotza.com/

Targets

- Target
  
  80d5a0defa331caea1ebe788bf1dc116
- Size
  
  4.1MB
- MD5
  
  80d5a0defa331caea1ebe788bf1dc116
- SHA1
  
  471408a3a30f345e70e40ec306e99bf514b30726
- SHA256
  
  d3a486d3b032834b1203adefd25d0bf0b36fae7f9e72071c21ccc266e1e1f893
- SHA512
  
  82f3cf4cde2f2d96673f1de63216a369520493889329d38b2a688f89446a0350fbc200a83c172deefdaa20f9f44bc388762484718dfb50212ba825bd5c3227dd
- SSDEEP
  
  49152:qdVNhdTN5cWr9GnzpMZ/eKL4cJtkNu/ugum94gDxNLtdHvhkIpxVVEZGZapnhlkD:qdVNxkKeW424u/ug9DVSdlYg7mrPiVo
Score

10^/10

rustybuer loader
- RustyBuer
  RustyBuer is a new variant of Buer loader written in Rust.
  loader rustybuer
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

rustybuerloader

behavioral2

rustybuerloader