Extracted

• • Target

    newbuer.exe

  • Size

    111KB

  • MD5

    4df84f8de8a5526f119c26518b529757

  • SHA1

    42d281abeb10649bff097504f20e8fc2c8e85f5c

  • SHA256

    9e746625abad522321067f546c40e8b26176ef5585bf3a45cb58ff758738f68c

  • SHA512

    68cd6ce9eb7f01d7e6b2b2fff6dfdf981834168cb406a7d67df1f4c9d78b36b22689b03e408e3e68faf76d3bb4b0abd109024d4e2389258ea64a89f54e4a4b88

  Score

  10^/10

  buerloaderpersistence

  • Buer

    Buer is a new modular loader first seen in August 2019.

    loaderbuer

  • Modifies WinLogon for persistence

    persistence

  • Buer Loader

    Detects Buer loader in memory or disk.

  • Executes dropped EXE

  • Deletes itself

  • Loads dropped DLL

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2