rustybuer | 64dd547546394e1d431a25a671892c7aca9cf57ed0733a7435028792ad42f4a7 | Triage

Sharing

General

Target

26944aed6dfc2c25f96bbca49925fcaf
Size

3.9MB
Sample

231231-d5vfgsagak
MD5

26944aed6dfc2c25f96bbca49925fcaf
SHA1

b2b7a7a659abf7fd2c5596c119478363e0b7f360
SHA256

64dd547546394e1d431a25a671892c7aca9cf57ed0733a7435028792ad42f4a7
SHA512

ea0a599107acfbca4cc20987d003bd27a3168adea1df56378d4b6a934d1429d543bec91a7216c485ec0167b1d34ed510299e030944c4b8f6c3922b4699a4eabf
SSDEEP

49152:F1ipQvZCurkVo3XmVM3EhjrzoZtMKVjGWSIA2W++ombl9QMz:fKuB0n7hjRWLA2W++ombl9QM

Score

10^/10

rustybuer loader

Malware Config

Extracted

Family

rustybuer

C2

https://awmelisers.com/

Targets

- Target
  
  26944aed6dfc2c25f96bbca49925fcaf
- Size
  
  3.9MB
- MD5
  
  26944aed6dfc2c25f96bbca49925fcaf
- SHA1
  
  b2b7a7a659abf7fd2c5596c119478363e0b7f360
- SHA256
  
  64dd547546394e1d431a25a671892c7aca9cf57ed0733a7435028792ad42f4a7
- SHA512
  
  ea0a599107acfbca4cc20987d003bd27a3168adea1df56378d4b6a934d1429d543bec91a7216c485ec0167b1d34ed510299e030944c4b8f6c3922b4699a4eabf
- SSDEEP
  
  49152:F1ipQvZCurkVo3XmVM3EhjrzoZtMKVjGWSIA2W++ombl9QMz:fKuB0n7hjRWLA2W++ombl9QM
Score

10^/10

rustybuer loader
- RustyBuer
  RustyBuer is a new variant of Buer loader written in Rust.
  loader rustybuer
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

rustybuerloader

behavioral2