General
Target
buer.exe
Size
111KB
Sample
201109-bdy6jy47cs
MD5
f884618092b55e3edc48096757aab143
SHA1
0c0ad1301fc561699dba22cc779decc0df5570a1
SHA256
6728db086194c2fa6a8e17e7b13bac1f5329b501e6f93b3587416895d387d343
SHA512
195f4995907e34867d72778fb7e5857ea16e802376cf7ef17e2af3afa64e929bacfed4ed1b60d71a1ad8ea29e47c795c97ee7e41b6a02db59c9cc68fbb32e6ad
Static task
static1
Behavioral task
behavioral1
Sample
buer.exe
Resource
win7v20201028
Malware Config
Extracted
buer
https://oopscll5.top/
https://1raidertr.top/
Targets
Target
buer.exe
Score
10/10
Modifies WinLogon for persistence
Buer Loader
Detects Buer loader in memory or disk.
Executes dropped EXE
Deletes itself
Loads dropped DLL
Suspicious use of SetThreadContext