buer | 340cdccf8bccec7270e1fe2ca48cb329b8270872fbf1a84c7f55642962dc1acd | Triage

Submit
Reports

Overview

overview

Static

static

340cdccf8b...cd.exe

windows7_x64

340cdccf8b...cd.exe

windows10_x64

Sharing

General

Target

340cdccf8bccec7270e1fe2ca48cb329b8270872fbf1a84c7f55642962dc1acd
Size

48KB
Sample

201117-hny9z7ss52
MD5

76a230f34d4a3a9127ba6006c1260438
SHA1

c52117e45e24a8c3c6ef53286ff29cfcdd12ca85
SHA256

340cdccf8bccec7270e1fe2ca48cb329b8270872fbf1a84c7f55642962dc1acd
SHA512

c1f32f1600558ccf5898a2fb4d8cf2b34d6380e73c31804e667325fb9e6fa6e392b0da61c86228cc00d7a36b4340a10a29b54d355101a9c95946d31445d63d8b

Score

10^/10

buer loader persistence

Static task

static1

Behavioral task

behavioral1

Sample

340cdccf8bccec7270e1fe2ca48cb329b8270872fbf1a84c7f55642962dc1acd.exe

Resource

win7v20201028

buer loader persistence

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

340cdccf8bccec7270e1fe2ca48cb329b8270872fbf1a84c7f55642962dc1acd.exe

Resource

win10v20201028

buer loader persistence

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

buer

C2

https://restaurantfutureworld.net/

https://snowhotdogletter.net/

Targets

- Target
  
  340cdccf8bccec7270e1fe2ca48cb329b8270872fbf1a84c7f55642962dc1acd
- Size
  
  48KB
- MD5
  
  76a230f34d4a3a9127ba6006c1260438
- SHA1
  
  c52117e45e24a8c3c6ef53286ff29cfcdd12ca85
- SHA256
  
  340cdccf8bccec7270e1fe2ca48cb329b8270872fbf1a84c7f55642962dc1acd
- SHA512
  
  c1f32f1600558ccf5898a2fb4d8cf2b34d6380e73c31804e667325fb9e6fa6e392b0da61c86228cc00d7a36b4340a10a29b54d355101a9c95946d31445d63d8b
Score

10^/10

buer loader persistence
- Buer
  Buer is a new modular loader first seen in August 2019.
  loader buer
- Modifies WinLogon for persistence
  persistence
- Buer Loader
  Detects Buer loader in memory or disk.
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

buerloaderpersistence

behavioral2

buerloaderpersistence

© 2018-2024

Terms | Privacy