buer | c69a9adf7333a5098d91be899802e6f0e77de4d1be8d11363dccd0fc830311c5 | Triage

Submit
Reports

Overview

overview

Static

static

ken.exe

windows7_x64

ken.exe

windows10_x64

Sharing

General

Target

ken.exe
Size

228KB
Sample

200810-prt85hlana
MD5

14e0e1a26f0e29171486cb2feb89fc3e
SHA1

cb3f2b4e3f5060088c6158f4b6c5b6d627f68a20
SHA256

c69a9adf7333a5098d91be899802e6f0e77de4d1be8d11363dccd0fc830311c5
SHA512

12ea8bb6bdcc809a2ba46a33cb69e4535af3a5ba9750179cf1a8f050ae1e3f0ea544000d504a2318c8d22e297eaa466f7977c593f3d00ec2c24276e66abd8430

Score

10^/10

buer loader persistence

Static task

static1

Behavioral task

behavioral1

Sample

ken.exe

Resource

win7

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

ken.exe

Resource

win10

buer loader persistence

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

buer

C2

https://rawcookies.ru/

https://westkingz.ru/

Targets

- Target
  
  ken.exe
- Size
  
  228KB
- MD5
  
  14e0e1a26f0e29171486cb2feb89fc3e
- SHA1
  
  cb3f2b4e3f5060088c6158f4b6c5b6d627f68a20
- SHA256
  
  c69a9adf7333a5098d91be899802e6f0e77de4d1be8d11363dccd0fc830311c5
- SHA512
  
  12ea8bb6bdcc809a2ba46a33cb69e4535af3a5ba9750179cf1a8f050ae1e3f0ea544000d504a2318c8d22e297eaa466f7977c593f3d00ec2c24276e66abd8430
Score

10^/10

buer loader persistence
- Buer
  Buer is a new modular loader first seen in August 2019.
  loader buer
- Modifies WinLogon for persistence
  persistence
- Buer Loader
  Detects Buer loader in memory or disk.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

buerloaderpersistence

© 2018-2025

Terms | Privacy