General

  • Target

    9f5b423a9328974ee01c625ab5338e698fa19f711c233ba941489eb802dadc96

  • Size

    1.1MB

  • Sample

    201109-zd8hh95bm6

  • MD5

    598b8633e7ca22ed1fb1f90d13215880

  • SHA1

    01cd937912b153bad8bb9ee2c7314cb03b65fc5e

  • SHA256

    9f5b423a9328974ee01c625ab5338e698fa19f711c233ba941489eb802dadc96

  • SHA512

    5899fdff91b6901363fad1f9b88f7150a264eba207f47819540af4576a44f03f64b267cf5dfb5b699d4b6955eda1708c18e59dbb5e66cbc3ac53b4849cddf601

Malware Config

Targets

    • Buer

      Buer is a new modular loader first seen in August 2019.

    • Modifies WinLogon for persistence

    • Buer Loader

      Detects Buer loader in memory or disk.

    • Executes dropped EXE

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Deletes itself

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v6

Tasks