Resubmissions

02-12-2020 13:57

201202-jdp64q14ds 7

02-12-2020 13:45

201202-1y5asrdnke 7

01-12-2020 09:29

201201-zsltvgg6kj 7

01-12-2020 09:16

201201-4t8lf6xbr6 10

General

  • Target

    sprintopen.exe

  • Size

    80KB

  • Sample

    201201-4t8lf6xbr6

  • MD5

    e91d1087dc9767e75f14b335c8d88233

  • SHA1

    ddafa725ecd7b2a59bef559904a45d379f593bc7

  • SHA256

    b298ead0400aaf886dbe0a0720337e6f2efd5e2a3ac1a7e7da54fc7b6e4f4277

  • SHA512

    e7e38ada160ac79ba3204700a7c92cb3fb48cde6936545007bdca8d0b60692a7b8c6baa1fea3c0127293733046712d479efb3d8793541f71a786cef018780b5d

Score
10/10

Malware Config

Extracted

Family

buer

C2

uskatoinaloffice.com

Targets

    • Buer

      Buer is a new modular loader first seen in August 2019.

    • Buer Loader

      Detects Buer loader in memory or disk.

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Discovery

System Information Discovery

1
T1082