buer | 85da0e15d51bbb0ff7efe69d6cf0e1858efaa0ba1993222868ee71d3d755e124 | Triage

Submit
Reports

Overview

overview

Static

static

85da0e15d5...24.exe

windows7_x64

85da0e15d5...24.exe

windows10_x64

Sharing

General

Target

85da0e15d51bbb0ff7efe69d6cf0e1858efaa0ba1993222868ee71d3d755e124
Size

35KB
Sample

201109-k5prgaf7c2
MD5

6f14c56f141d8eb8ccc58f6e3f341426
SHA1

70d9bc4ded0b7546ad7ee6d4873a5f5f58bc04e7
SHA256

85da0e15d51bbb0ff7efe69d6cf0e1858efaa0ba1993222868ee71d3d755e124
SHA512

c91fb3355543beb3040ee4ef1287f1725f834279cc58786fe37fe0859612198b69e971c9910d379254018b51d0058749ae6199e28aec15d9ef5ce76fd3bbe5bd

Score

10^/10

buer loader persistence

Static task

static1

Behavioral task

behavioral1

Sample

85da0e15d51bbb0ff7efe69d6cf0e1858efaa0ba1993222868ee71d3d755e124.exe

Resource

win7v20201028

buer loader persistence

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

85da0e15d51bbb0ff7efe69d6cf0e1858efaa0ba1993222868ee71d3d755e124.exe

Resource

win10v20201028

buer loader persistence

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

buer

C2

https://gstatiknetiplist.cc/

https://gstatiknetiplist.com/

Targets

- Target
  
  85da0e15d51bbb0ff7efe69d6cf0e1858efaa0ba1993222868ee71d3d755e124
- Size
  
  35KB
- MD5
  
  6f14c56f141d8eb8ccc58f6e3f341426
- SHA1
  
  70d9bc4ded0b7546ad7ee6d4873a5f5f58bc04e7
- SHA256
  
  85da0e15d51bbb0ff7efe69d6cf0e1858efaa0ba1993222868ee71d3d755e124
- SHA512
  
  c91fb3355543beb3040ee4ef1287f1725f834279cc58786fe37fe0859612198b69e971c9910d379254018b51d0058749ae6199e28aec15d9ef5ce76fd3bbe5bd
Score

10^/10

buer loader persistence
- Buer
  Buer is a new modular loader first seen in August 2019.
  loader buer
- Modifies WinLogon for persistence
  persistence
- Buer Loader
  Detects Buer loader in memory or disk.
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

buerloaderpersistence

behavioral2

buerloaderpersistence

© 2018-2025

Terms | Privacy