buer | 6c870d3a5abad32d70b0599de0715e146228141243ac81066b99d77a9d315ce1 | Triage

Submit
Reports

Overview

overview

Static

static

e212e5bc42...a1.exe

windows7_x64

e212e5bc42...a1.exe

windows10_x64

Sharing

General

Target

DocumentPreview.bin.zip
Size

92KB
Sample

200708-4r5kakfwnj
MD5

e82561a4b93590db8de569c1b18476cd
SHA1

a0c56d31d3d48a9387044fdfaa19d9467cbf5e04
SHA256

6c870d3a5abad32d70b0599de0715e146228141243ac81066b99d77a9d315ce1
SHA512

b7b5cdd6cbec5a84c53cd7c6bc052e3bc3b8cb073e7cc0c7cd25d9ea69989430046216b47cb9c713308ee5306cc0b4b234cce3804d72884457ed4ad3d6fba201

Score

10^/10

buer loader persistence

Static task

static1

Behavioral task

behavioral1

Sample

e212e5bc428a0bca4615205f07c10d4e57dc881a2f32a9b8aeec040169435aa1.exe

Resource

win7v200430

buer loader persistence

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

e212e5bc428a0bca4615205f07c10d4e57dc881a2f32a9b8aeec040169435aa1.exe

Resource

win10

buer loader persistence

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

buer

C2

https://162.244.81.87/

http://162.244.81.87:8080/

Targets

- Target
  
  e212e5bc428a0bca4615205f07c10d4e57dc881a2f32a9b8aeec040169435aa1
- Size
  
  146KB
- MD5
  
  db3c2530d727bac602e6c41cb3e60562
- SHA1
  
  0d62d5a5fba84c1e826591f27892466a1cd59257
- SHA256
  
  e212e5bc428a0bca4615205f07c10d4e57dc881a2f32a9b8aeec040169435aa1
- SHA512
  
  03e25d32a262c88ec2cf9303b7835da93b321a1d2a092531c96df8d95065944250f63c075792ca72b6d2a12d60c492782ba516712fbca0bf3b0239477b6b06e8
Score

10^/10

buer loader persistence
- Buer
  Buer is a new modular loader first seen in August 2019.
  loader buer
- Modifies WinLogon for persistence
  persistence
- Buer Loader
  Detects Buer loader in memory or disk.
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

buerloaderpersistence

behavioral2

buerloaderpersistence

© 2018-2025

Terms | Privacy