buer | 4f7ccbc55dda5ed45be0fc7dc48b18719556ac9018d5aa4eb9f9ff0470eaca95 | Triage

Submit
Reports

Overview

overview

Static

static

1

dw.pm.exe

windows7_x64

dw.pm.exe

windows10_x64

Sharing

General

Target

dw.pm.exe
Size

82KB
Sample

210201-rrle2q2rc2
MD5

49392cc9138f2d685737955950fd8d69
SHA1

8b418f639b4bc71ab224972537278f2d23676df8
SHA256

4f7ccbc55dda5ed45be0fc7dc48b18719556ac9018d5aa4eb9f9ff0470eaca95
SHA512

a75a58cda433f1baeeede01418661fc57512ba52dba585e2cf576294d7be4e39e9fc6af588cd5a3f855665abd038ca4d711567c22bbb1505752421d6357ff123

Score

10^/10

buer loader

Static task

static1

Behavioral task

behavioral1

Sample

dw.pm.exe

Resource

win7v20201028

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

dw.pm.exe

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

buer

C2

webgraitupeople.com

Targets

- Target
  
  dw.pm.exe
- Size
  
  82KB
- MD5
  
  49392cc9138f2d685737955950fd8d69
- SHA1
  
  8b418f639b4bc71ab224972537278f2d23676df8
- SHA256
  
  4f7ccbc55dda5ed45be0fc7dc48b18719556ac9018d5aa4eb9f9ff0470eaca95
- SHA512
  
  a75a58cda433f1baeeede01418661fc57512ba52dba585e2cf576294d7be4e39e9fc6af588cd5a3f855665abd038ca4d711567c22bbb1505752421d6357ff123
Score

10^/10

buer loader
- Buer
  Buer is a new modular loader first seen in August 2019.
  loader buer
- Buer Loader
  Detects Buer loader in memory or disk.
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy