buer | 070d785aab37f9ac742f0c5ad255be4d46147ae9917960058fe5846a2e2e1083 | Triage

Submit
Reports

Overview

overview

Static

static

070d785aab...83.exe

windows7_x64

070d785aab...83.exe

windows10_x64

Sharing

General

Target

070d785aab37f9ac742f0c5ad255be4d46147ae9917960058fe5846a2e2e1083
Size

38KB
Sample

200706-e9vg7tb8zn
MD5

d91043ee270758fbc29613e993cf17a6
SHA1

bf3baf3e2d446f65b14d310e0e0a79d4002f9c03
SHA256

070d785aab37f9ac742f0c5ad255be4d46147ae9917960058fe5846a2e2e1083
SHA512

1b8daad67e37e02835666acb1a815baccd235f955c95cf34bb28a9f4301eae32767919c1a473614da61ff7c0c0e646ac04317145228d6c57f02f3a0e55535000

Score

10^/10

buer loader persistence

Static task

static1

Behavioral task

behavioral1

Sample

070d785aab37f9ac742f0c5ad255be4d46147ae9917960058fe5846a2e2e1083.exe

Resource

win7v200430

buer loader persistence

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

070d785aab37f9ac742f0c5ad255be4d46147ae9917960058fe5846a2e2e1083.exe

Resource

win10

buer loader persistence

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

buer

C2

https://66.228.45.248/

https://server-linode.nl/

Targets

- Target
  
  070d785aab37f9ac742f0c5ad255be4d46147ae9917960058fe5846a2e2e1083
- Size
  
  38KB
- MD5
  
  d91043ee270758fbc29613e993cf17a6
- SHA1
  
  bf3baf3e2d446f65b14d310e0e0a79d4002f9c03
- SHA256
  
  070d785aab37f9ac742f0c5ad255be4d46147ae9917960058fe5846a2e2e1083
- SHA512
  
  1b8daad67e37e02835666acb1a815baccd235f955c95cf34bb28a9f4301eae32767919c1a473614da61ff7c0c0e646ac04317145228d6c57f02f3a0e55535000
Score

10^/10

buer loader persistence
- Buer
  Buer is a new modular loader first seen in August 2019.
  loader buer
- Modifies WinLogon for persistence
  persistence
- Buer Loader
  Detects Buer loader in memory or disk.
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

buerloaderpersistence

behavioral2

buerloaderpersistence

© 2018-2024

Terms | Privacy