buer | dd6a316b8476993c98d452e05bae3441426cd074a165dab259183cfb64a7b23c | Triage

Submit
Reports

Overview

overview

Static

static

8

Invoice106237.xls

windows7_x64

Invoice106237.xls

windows10_x64

Sharing

General

Target

Invoice106237.xls
Size

254KB
Sample

210202-a3ywsl68re
MD5

d99588c5238094b5c43ade66067fac80
SHA1

9fba7c1073ab55f4f4373f9df4af60602b487560
SHA256

dd6a316b8476993c98d452e05bae3441426cd074a165dab259183cfb64a7b23c
SHA512

e23f46341bd206219522fbb18154d3d48b5835281b107d2dba215e985e08b210307ff3dd54a39724045ec5a7427a76c4985e920e68f7c12feff53673adea8a24

Score

10^/10

buer loader macro xlm

Static task

static1

Behavioral task

behavioral1

Sample

Invoice106237.xls

Resource

win7v20201028

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Invoice106237.xls

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://goldforexinstitute.com/wp-admin/images/gif/faxer.txt

Extracted

Family

buer

C2

tokacpebanking.com

Targets

- Target
  
  Invoice106237.xls
- Size
  
  254KB
- MD5
  
  d99588c5238094b5c43ade66067fac80
- SHA1
  
  9fba7c1073ab55f4f4373f9df4af60602b487560
- SHA256
  
  dd6a316b8476993c98d452e05bae3441426cd074a165dab259183cfb64a7b23c
- SHA512
  
  e23f46341bd206219522fbb18154d3d48b5835281b107d2dba215e985e08b210307ff3dd54a39724045ec5a7427a76c4985e920e68f7c12feff53673adea8a24
Score

10^/10

buer loader
- Buer
  Buer is a new modular loader first seen in August 2019.
  loader buer
- Buer Loader
  Detects Buer loader in memory or disk.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy