Extracted

• • Target

    DocumentPreview.exe

  • Size

    228KB

  • MD5

    801b2019d58f05ea3667603d3f2ff822

  • SHA1

    ce0c63d9c1dd967d68158156e1c88e731fa25447

  • SHA256

    0a6be94628e528a0354c71a800510ab89c442a5f3a428a49b729662d4d19529c

  • SHA512

    8ef21833c493cb7bfad632df1842216dbcf7fa54fd87cb065d8d32fc120635b802e93481128f01d53bb7b5f32fa4d50122b4099f38cc348f9153a3b43be6131a

  Score

  10^/10

  buerloaderpersistence

  • Buer

    Buer is a new modular loader first seen in August 2019.

    loaderbuer

  • Modifies WinLogon for persistence

    persistence

  • Buer Loader

    Detects Buer loader in memory or disk.

  • Executes dropped EXE

  • Deletes itself

  • Loads dropped DLL

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  behavioral1behavioral2