buer | e4817740d78a5543811272a0b6de0a226594c84b2801926b53ced825f68bd529 | Triage

Submit
Reports

Overview

overview

Static

static

Internet-Win7-30min

windows7_x64

Sharing

General

Target

Doc-Print.exe
Size

368KB
Sample

200714-p21eh6tdy2
MD5

fcc9314bc996fa04721aa469e1d982df
SHA1

c306f42bd091c86328651e30c15ac49a7ebb02c4
SHA256

e4817740d78a5543811272a0b6de0a226594c84b2801926b53ced825f68bd529
SHA512

fac82d815108b111b3a63063e757c2d5ed367e3a94dbe3dc3af252f8c1968aead07df32405f3f16012b13b203f264d764666b49ac192daa98334a3c3be32c0f3

Score

10^/10

buer metasploit backdoor loader persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

Doc-Print.exe

Resource

win7

buer metasploit backdoor loader persistence trojan

windows7_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

buer

C2

https://162.244.81.87/

http://162.244.81.87:8080/

Extracted

Family

metasploit

Version

windows/download_exec

C2

http://31.14.40.55:80/YRDm

Attributes

headers User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; qdesk 2.4.1263.203; Windows NT 6.1; WOW64; Trident/5.0)

Targets

- Target
  
  Doc-Print.exe
- Size
  
  368KB
- MD5
  
  fcc9314bc996fa04721aa469e1d982df
- SHA1
  
  c306f42bd091c86328651e30c15ac49a7ebb02c4
- SHA256
  
  e4817740d78a5543811272a0b6de0a226594c84b2801926b53ced825f68bd529
- SHA512
  
  fac82d815108b111b3a63063e757c2d5ed367e3a94dbe3dc3af252f8c1968aead07df32405f3f16012b13b203f264d764666b49ac192daa98334a3c3be32c0f3
Score

10^/10

buer metasploit backdoor loader persistence trojan
- Buer
  Buer is a new modular loader first seen in August 2019.
  loader buer
- MetaSploit
  Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
  trojan backdoor metasploit
- Modifies WinLogon for persistence
  persistence
- Buer Loader
  Detects Buer loader in memory or disk.
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

buermetasploitbackdoorloaderpersistencetrojan

© 2018-2025

Terms | Privacy