General

  • Target

    newbuer.exe

  • Size

    111KB

  • Sample

    200518-m7nvffm12n

  • MD5

    4df84f8de8a5526f119c26518b529757

  • SHA1

    42d281abeb10649bff097504f20e8fc2c8e85f5c

  • SHA256

    9e746625abad522321067f546c40e8b26176ef5585bf3a45cb58ff758738f68c

  • SHA512

    68cd6ce9eb7f01d7e6b2b2fff6dfdf981834168cb406a7d67df1f4c9d78b36b22689b03e408e3e68faf76d3bb4b0abd109024d4e2389258ea64a89f54e4a4b88

Score
10/10

Malware Config

Extracted

Family

buer

C2

https://maldivosgrant.net/

https://jokenoiam.net/

Targets

    • Buer

      Buer is a new modular loader first seen in August 2019.

    • Modifies WinLogon for persistence

    • Buer Loader

      Detects Buer loader in memory or disk.

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6