Extracted

• • Target

    DocumentPreview.exe

  • Size

    146KB

  • MD5

    db3c2530d727bac602e6c41cb3e60562

  • SHA1

    0d62d5a5fba84c1e826591f27892466a1cd59257

  • SHA256

    e212e5bc428a0bca4615205f07c10d4e57dc881a2f32a9b8aeec040169435aa1

  • SHA512

    03e25d32a262c88ec2cf9303b7835da93b321a1d2a092531c96df8d95065944250f63c075792ca72b6d2a12d60c492782ba516712fbca0bf3b0239477b6b06e8

  Score

  10^/10

  buerloaderpersistence

  • Buer

    Buer is a new modular loader first seen in August 2019.

    loaderbuer

  • Modifies WinLogon for persistence

    persistence

  • Buer Loader

    Detects Buer loader in memory or disk.

  • Executes dropped EXE

  • Deletes itself

  • Loads dropped DLL

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  behavioral1behavioral2