General

  • Target: web.exe
  • Size: 95KB
  • Sample: 201130-5s697nzqy6
  • MD5: bf613fe70f790d4b932601daa60a8797
  • SHA1: b53db9020c6115cea9e36dc9764bd45e5d9cfd6c
  • SHA256: 1c8260f2d597cfc1922ca72162e1eb3f8272c2d18fa41d77b145d32256c0063d
  • SHA512: ce53eab5bd74fc2c70cf01d44597e63f50d27d2baaaf25cb166ab0f2c83add4773d936bbbebdfe03b30cd0a677b6b269abf8c8af02b3597c055a149e416db286

Score: 10/10

Malware Config (Extracted)

  • Family: buer
  • C2: basiliskbank.com

Targets

    • web.exe (size, hashes and score as listed under General above)
    • Buer

      Buer is a new modular loader first seen in August 2019.

    • Buer Loader

      Detects Buer loader in memory or disk.

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

  • Discovery: System Information Discovery (T1082), 1

Tasks