General

  • Target

    https://u5508193.ct.sendgrid.net/ls/click?upn=ixhKURVLJcbA2tXqdftGSsfCM-2BwOmFzlt0eOoM0NyeBq9-2Bmygo7PXP8-2BaWKIUh6Cq4NZP4qLo3ujJpOJ7iVe-2FwpJHh8SIyJ1jBsZJI1vZ-2BBeafgp-2BomH4XvQTk-2FHNfrDzjpwO7rxctOq3nXdPlRGjiz94uPtPo7ih2TCloEzpJ695k2vE0YYfCFr5QshmympGnb1_si52RC6zvqCZnXAviXfkiwxbn-2FVUQeKoGXbWkXzjPY3YBJjTaH6WP0O0ZO9yjN-2BW9AsLdN4WaoyFzAJ7Gi1xHKtRRj9yW-2B9HmcdjbFcoDelmqSL-2FyrIuftSknPUBBnziM0nrzwWpaeMCrFIYvBb-2Bh6M9VG4b3aF-2Bp4BEDDNO197sXPlMUCU3x2xaFr3feukJh-2FWfCR0F9qVU6s90aScvrQ-3D-3D

  • Sample

    200922-llql6tgr12

Score
10/10

Malware Config

Extracted

Family

buer

C2

https://104.248.83.13/

Targets

    • Target

      https://u5508193.ct.sendgrid.net/ls/click?upn=ixhKURVLJcbA2tXqdftGSsfCM-2BwOmFzlt0eOoM0NyeBq9-2Bmygo7PXP8-2BaWKIUh6Cq4NZP4qLo3ujJpOJ7iVe-2FwpJHh8SIyJ1jBsZJI1vZ-2BBeafgp-2BomH4XvQTk-2FHNfrDzjpwO7rxctOq3nXdPlRGjiz94uPtPo7ih2TCloEzpJ695k2vE0YYfCFr5QshmympGnb1_si52RC6zvqCZnXAviXfkiwxbn-2FVUQeKoGXbWkXzjPY3YBJjTaH6WP0O0ZO9yjN-2BW9AsLdN4WaoyFzAJ7Gi1xHKtRRj9yW-2B9HmcdjbFcoDelmqSL-2FyrIuftSknPUBBnziM0nrzwWpaeMCrFIYvBb-2Bh6M9VG4b3aF-2Bp4BEDDNO197sXPlMUCU3x2xaFr3feukJh-2FWfCR0F9qVU6s90aScvrQ-3D-3D

    Score
    10/10
    • Buer

      Buer is a new modular loader first seen in August 2019.

    • Buer Loader

      Detects Buer loader in memory or disk.

    • Executes dropped EXE

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v6

Tasks