General

  • Target

    buer.exe

  • Size

    111KB

  • Sample

    201109-bdy6jy47cs

  • MD5

    f884618092b55e3edc48096757aab143

  • SHA1

    0c0ad1301fc561699dba22cc779decc0df5570a1

  • SHA256

    6728db086194c2fa6a8e17e7b13bac1f5329b501e6f93b3587416895d387d343

  • SHA512

    195f4995907e34867d72778fb7e5857ea16e802376cf7ef17e2af3afa64e929bacfed4ed1b60d71a1ad8ea29e47c795c97ee7e41b6a02db59c9cc68fbb32e6ad

Score
10/10

Malware Config

Extracted

Family

buer

C2

https://oopscll5.top/

https://1raidertr.top/

Targets

    • Target

      buer.exe

    • Size

      111KB

    • MD5

      f884618092b55e3edc48096757aab143

    • SHA1

      0c0ad1301fc561699dba22cc779decc0df5570a1

    • SHA256

      6728db086194c2fa6a8e17e7b13bac1f5329b501e6f93b3587416895d387d343

    • SHA512

      195f4995907e34867d72778fb7e5857ea16e802376cf7ef17e2af3afa64e929bacfed4ed1b60d71a1ad8ea29e47c795c97ee7e41b6a02db59c9cc68fbb32e6ad

    Score
    10/10
    • Buer

      Buer is a new modular loader first seen in August 2019.

    • Modifies WinLogon for persistence

    • Buer Loader

      Detects Buer loader in memory or disk.

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks