buer | 211ddc016588fbbf96534c95de2b9c4f48d15ee89e45ddd647a7316497f80ff5 | Triage

Submit
Reports

Overview

overview

Static

static

211ddc0165...f5.exe

windows7_x64

211ddc0165...f5.exe

windows10_x64

Sharing

General

Target

211ddc016588fbbf96534c95de2b9c4f48d15ee89e45ddd647a7316497f80ff5
Size

33KB
Sample

201110-w1h1cfy4qj
MD5

ccf7d3adb21dfd77bf7f60e4a4751d1e
SHA1

093757c4099cd0cd2bd1e7a0f4d64b78754888b9
SHA256

211ddc016588fbbf96534c95de2b9c4f48d15ee89e45ddd647a7316497f80ff5
SHA512

109923ef9c06016a0e376b862b88e415a4943fecbe907687751abd604d4d052987029cea9e5b5b165ec694c468b2491c8063787e073522e1813ff20907ae6936

Score

10^/10

buer loader persistence

Static task

static1

Behavioral task

behavioral1

Sample

211ddc016588fbbf96534c95de2b9c4f48d15ee89e45ddd647a7316497f80ff5.exe

Resource

win7v20201028

buer loader persistence

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

211ddc016588fbbf96534c95de2b9c4f48d15ee89e45ddd647a7316497f80ff5.exe

Resource

win10v20201028

buer loader persistence

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

buer

C2

https://wowvideos.online/

https://95.216.251.216/

Targets

- Target
  
  211ddc016588fbbf96534c95de2b9c4f48d15ee89e45ddd647a7316497f80ff5
- Size
  
  33KB
- MD5
  
  ccf7d3adb21dfd77bf7f60e4a4751d1e
- SHA1
  
  093757c4099cd0cd2bd1e7a0f4d64b78754888b9
- SHA256
  
  211ddc016588fbbf96534c95de2b9c4f48d15ee89e45ddd647a7316497f80ff5
- SHA512
  
  109923ef9c06016a0e376b862b88e415a4943fecbe907687751abd604d4d052987029cea9e5b5b165ec694c468b2491c8063787e073522e1813ff20907ae6936
Score

10^/10

buer loader persistence
- Buer
  Buer is a new modular loader first seen in August 2019.
  loader buer
- Modifies WinLogon for persistence
  persistence
- Buer Loader
  Detects Buer loader in memory or disk.
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

buerloaderpersistence

behavioral2

buerloaderpersistence

© 2018-2025

Terms | Privacy