rustybuer | 88689636f4b2287701b63f42c12e7e2387bf4c3ecc45eeb8a61ea707126bad9b | Triage

Sharing

General

Target

106b947aa2e8101bff6e3ff0f82bfe95
Size

3.2MB
Sample

231230-gknc8agdcq
MD5

106b947aa2e8101bff6e3ff0f82bfe95
SHA1

78a381408947f252bcbe170a4223c8a5a64fc11f
SHA256

88689636f4b2287701b63f42c12e7e2387bf4c3ecc45eeb8a61ea707126bad9b
SHA512

da8e58f307b7dfba78a96e1af5a4c9df79040f7d5a1181a08926bd32ff6d782375636882703d4eb6d194876c9aafd8394cde129ba401d66c5079393d84433693
SSDEEP

49152:yNUPRS5YfeBi35enfGiSpQQ17dWRsnVQLKaCTpdNu:d/+I7mwFTpf

Score

10^/10

rustybuer loader

Malware Config

Extracted

Family

rustybuer

C2

https://cerionetya.com/

Targets

- Target
  
  106b947aa2e8101bff6e3ff0f82bfe95
- Size
  
  3.2MB
- MD5
  
  106b947aa2e8101bff6e3ff0f82bfe95
- SHA1
  
  78a381408947f252bcbe170a4223c8a5a64fc11f
- SHA256
  
  88689636f4b2287701b63f42c12e7e2387bf4c3ecc45eeb8a61ea707126bad9b
- SHA512
  
  da8e58f307b7dfba78a96e1af5a4c9df79040f7d5a1181a08926bd32ff6d782375636882703d4eb6d194876c9aafd8394cde129ba401d66c5079393d84433693
- SSDEEP
  
  49152:yNUPRS5YfeBi35enfGiSpQQ17dWRsnVQLKaCTpdNu:d/+I7mwFTpf
Score

10^/10

rustybuer loader
- RustyBuer
  RustyBuer is a new variant of Buer loader written in Rust.
  loader rustybuer
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

rustybuerloader

behavioral2

rustybuerloader