Extracted

Extracted

• • Target

    214053f.exe

  • Size

    38KB

  • MD5

    1f4ce9581d372c6297794233cbeca1ea

  • SHA1

    c9661c46db129433e350d1ca3fd0ebd79b190f88

  • SHA256

    f23db00ee052d07bf66ce6aa644ead488e182dfb21c4c5c42bb9677db839a310

  • SHA512

    571c4a811586bf26b3de8cbcc59be0b27f4fb58826844e8ef73dcf8c61af8c918dd8c06f42339867b4877f00ab11e8ec8d1901afbde57e967748ccd23425447f

  Score

  10^/10

  buercobaltstrikemetasploitbackdoorloaderpersistencetrojan

  • Buer

    Buer is a new modular loader first seen in August 2019.

    loaderbuer

  • Cobaltstrike

    Detected malicious payload which is part of Cobaltstrike.

    trojanbackdoorcobaltstrike

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Modifies WinLogon for persistence

    persistence

  • Buer Loader

    Detects Buer loader in memory or disk.

  • Executes dropped EXE

  • Deletes itself

  • Loads dropped DLL

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Suspicious use of SetThreadContext

  behavioral1