buer | c1a1988e6f043d0e73c9555ccaad2adb3683c22b0569fc0f6be24c3e4f8c82ff | Triage

Analysis

max time kernel
3s
max time network
10s
platform
windows7_x64
resource
win7v20201028
submitted
26-01-2021 18:37

Sharing

Report Analysis Logs

General

Target

font.tiff.exe
Size

235KB
MD5

cc0631f2ca59175c237e7fba06a7d533
SHA1

0c93576aeee786b1ef8818a56653d4c0e41a67df
SHA256

c1a1988e6f043d0e73c9555ccaad2adb3683c22b0569fc0f6be24c3e4f8c82ff
SHA512

d33b7ecd31f69e230c33dd3a86cc337c62870630c95e679d504a22779e9c57715754b58587f53e758e2becd0eef4bcf26d41d9a5ac1e6f42b961c84cc92bc918

Score

10^/10

buer loader

Malware Config

Extracted

Family

buer

C2

hetaskosupportcenter.com

Signatures

Buer
Buer is a new modular loader first seen in August 2019.
loader buer

Buer Loader 2 IoCs

Detects Buer loader in memory or disk.

resource	yara_rule
behavioral1/memory/1108-3-0x00000000001B0000-0x00000000001B8000-memory.dmp	buer
behavioral1/memory/1108-4-0x0000000040000000-0x000000004000A000-memory.dmp	buer

C:\Users\Admin\AppData\Local\Temp\font.tiff.exe
"C:\Users\Admin\AppData\Local\Temp\font.tiff.exe"
1⤵
PID:1108

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1108-2-0x0000000001D30000-0x0000000001D41000-memory.dmp

Filesize
68KB

Download
memory/1108-3-0x00000000001B0000-0x00000000001B8000-memory.dmp

Filesize
32KB

Download
memory/1108-4-0x0000000040000000-0x000000004000A000-memory.dmp

Filesize
40KB

Download