buer | 6c7f43434e5db8703c0a47dedeeab976159d8704bfbe2e4ff65405f38d508e9d | Triage

Analysis

max time kernel
7s
max time network
15s
platform
windows7_x64
resource
win7v200722
submitted
23-09-2020 12:36

Sharing

Report Analysis Logs

General

Target

Print_Document.exe
Size

598KB
MD5

8b44470c7ff69ae671ff6e04550ee15f
SHA1

123f9a7487cd0fdd772f0e7bb19e70d1ee3a32e7
SHA256

6c7f43434e5db8703c0a47dedeeab976159d8704bfbe2e4ff65405f38d508e9d
SHA512

0e03e5895bd406ed61c6e5343e184eb5a86d4ee1b195b35be88fea4fee4508b0a525725ec92971f2c0bc1a929d4dda1f0853bc576071cdefef8adb1a5f45e0de

Score

10^/10

buer loader

Malware Config

Extracted

Family

buer

C2

https://104.248.83.13/

Signatures

Buer
Buer is a new modular loader first seen in August 2019.
loader buer

Buer Loader 2 IoCs

Detects Buer loader in memory or disk.

resource	yara_rule
behavioral1/memory/1620-0-0x0000000000250000-0x000000000025F000-memory.dmp	buer
behavioral1/memory/1620-1-0x0000000040000000-0x000000004000C000-memory.dmp	buer

C:\Users\Admin\AppData\Local\Temp\Print_Document.exe
"C:\Users\Admin\AppData\Local\Temp\Print_Document.exe"
1⤵
PID:1620

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1620-0-0x0000000000250000-0x000000000025F000-memory.dmp

Filesize
60KB

Download
memory/1620-1-0x0000000040000000-0x000000004000C000-memory.dmp

Filesize
48KB

Download