General

  • Target

    Electronic_Tracking_INV_#9836582365728523752.exe

  • Size

    245KB

  • Sample

    200811-wzavn447yn

  • MD5

    64f86981c7450dfd2c3915f213fc6720

  • SHA1

    5410d0e8569f0936b32de3199e8a187d6227fc1f

  • SHA256

    a1bdc2ca2e359ac7d5c26afb3cd89bb39285b8a8acc5876e691ceb4ba807b704

  • SHA512

    02e9e2e41a96a4e0279de44c5cdd7c18a4d08966e0e2ba9979d929f0fa5a902db1ceb3f2eb8a73d97725eed917f9e57d11999a0218f3f286908bf7e731931b22

Score
10/10

Malware Config

Extracted

Family

buer

C2

https://specialhosting.ga/

Targets

    • Target

      Electronic_Tracking_INV_#9836582365728523752.exe

    • Size

      245KB

    • MD5

      64f86981c7450dfd2c3915f213fc6720

    • SHA1

      5410d0e8569f0936b32de3199e8a187d6227fc1f

    • SHA256

      a1bdc2ca2e359ac7d5c26afb3cd89bb39285b8a8acc5876e691ceb4ba807b704

    • SHA512

      02e9e2e41a96a4e0279de44c5cdd7c18a4d08966e0e2ba9979d929f0fa5a902db1ceb3f2eb8a73d97725eed917f9e57d11999a0218f3f286908bf7e731931b22

    Score
    10/10
    • Buer

Buer is a modular malware loader first observed in August 2019.

    • Modifies WinLogon for persistence

    • Buer Loader

Detects the Buer loader in memory or on disk.

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic           Technique            Hits  ID
  Persistence      Winlogon Helper DLL  1     T1004
  Defense Evasion  Modify Registry      1     T1112
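To triage the "Modifies WinLogon for persistence" signature and the T1004 / T1112 mappings above on a suspect host, the check below compares the Winlogon Shell and Userinit values against stock Windows defaults and lists any Notify packages. It is an added example, not part of the sandbox report and not code from the Buer sample or from Triage; the registry data named CLEAN and TAMPERED is constructed, the path C:\Users\Public\updater.exe is hypothetical, and the allowlist assumes a default Windows installation (tune it if your build customises the shell).

```python
"""Winlogon persistence check (MITRE T1004, Winlogon Helper DLL).

Added example, not part of the sandbox report. Flags Shell/Userinit entries
and Notify subkeys that deviate from a stock Windows configuration. The
sample registry data at the bottom is constructed for this example.
"""
import sys
from typing import Dict, List, Optional, Tuple

WINLOGON_KEY = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"

# Programs expected in each value on a default install (compared lower-case).
# Assumption: no custom shell or Userinit chain is deployed in your environment.
EXPECTED = {
    "Shell": {"explorer.exe"},
    "Userinit": {r"c:\windows\system32\userinit.exe"},
}


def _entries(raw: str) -> List[str]:
    # Both values are comma-separated lists; Userinit normally ends with a
    # trailing comma, which yields an empty element that we drop here.
    return [p.strip().strip('"').lower() for p in raw.split(",") if p.strip()]


def check_winlogon(values: Dict[str, str],
                   notify_subkeys: Optional[List[str]] = None) -> List[str]:
    """Return one finding per suspicious Winlogon setting (empty list if clean)."""
    findings: List[str] = []
    for name, allowed in EXPECTED.items():
        raw = values.get(name)
        if raw is None:
            continue  # value absent: Windows falls back to its built-in default
        unexpected = [e for e in _entries(raw) if e not in allowed]
        if unexpected:
            findings.append(f"{name} launches unexpected program(s): "
                            + ", ".join(unexpected))
    # Winlogon\Notify packages are no longer loaded on modern Windows, but the
    # key is a documented T1004 location; anything registered there merits review.
    for sub in notify_subkeys or []:
        findings.append(f"Notify package registered: {sub}")
    return findings


def read_winlogon(hive=None) -> Tuple[Dict[str, str], List[str]]:
    """Read the live Winlogon key via winreg (Windows only).

    Pass winreg.HKEY_CURRENT_USER as `hive` to inspect the per-user copy of
    the key, which can also carry a Shell override.
    """
    import winreg  # standard library, Windows only
    hive = winreg.HKEY_LOCAL_MACHINE if hive is None else hive
    values: Dict[str, str] = {}
    subkeys: List[str] = []
    with winreg.OpenKey(hive, WINLOGON_KEY) as key:
        for name in EXPECTED:
            try:
                values[name] = str(winreg.QueryValueEx(key, name)[0])
            except FileNotFoundError:
                pass
        try:
            with winreg.OpenKey(key, "Notify") as notify:
                index = 0
                while True:
                    try:
                        subkeys.append(winreg.EnumKey(notify, index))
                    except OSError:
                        break  # no more subkeys
                    index += 1
        except FileNotFoundError:
            pass  # no Notify key at all, the normal state
    return values, subkeys


# Constructed samples (not taken from the report's sandbox run).
CLEAN = {"Shell": "explorer.exe",
         "Userinit": r"C:\Windows\system32\userinit.exe,"}
TAMPERED = {"Shell": "explorer.exe",
            # hypothetical second launcher appended to the Userinit chain
            "Userinit": r"C:\Windows\system32\userinit.exe,C:\Users\Public\updater.exe"}

if __name__ == "__main__":
    if sys.platform == "win32":
        live_values, live_notify = read_winlogon()
    else:
        live_values, live_notify = TAMPERED, []  # demo data off Windows
    for line in check_winlogon(live_values, live_notify) or ["Winlogon values look stock"]:
        print(line)
```

Run it on the suspect host as an administrator; on a non-Windows analysis box it evaluates the constructed TAMPERED sample instead. Treat any reported entry as a lead to pivot on (file hash, signer, creation time), not as proof of compromise on its own, since some management software legitimately chains programs into Userinit.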

Tasks