buer | 6b208bb60a779b6b4e202aa7b7593cdc0695f0534527d8d3a66c13977ef1c572 | Triage

Submit
Reports

Overview

overview

Static

static

1

windowspho...dr.exe

windows7_x64

windowspho...dr.exe

windows10_x64

Sharing

General

Target

windowsphoto.exe.0.dr
Size

115KB
Sample

210202-fcrmfhyps2
MD5

edacbd011f5d6d4bd0646ebdff7499ca
SHA1

e2bf855bee49f9d5c27ad85721f850db858dd7af
SHA256

6b208bb60a779b6b4e202aa7b7593cdc0695f0534527d8d3a66c13977ef1c572
SHA512

9354c11d075761d4a8b1e63905950044e370e75db166ea3119a33e2de4874e9c9983ca4dd4be114a2a6ad390d8fa7712c49b441432bf7c741448ba6cf423c5aa

Score

10^/10

buer loader

Static task

static1

Behavioral task

behavioral1

Sample

windowsphoto.exe.0.dr.exe

Resource

win7v20201028

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

windowsphoto.exe.0.dr.exe

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

buer

C2

tokacpebanking.com

Targets

- Target
  
  windowsphoto.exe.0.dr
- Size
  
  115KB
- MD5
  
  edacbd011f5d6d4bd0646ebdff7499ca
- SHA1
  
  e2bf855bee49f9d5c27ad85721f850db858dd7af
- SHA256
  
  6b208bb60a779b6b4e202aa7b7593cdc0695f0534527d8d3a66c13977ef1c572
- SHA512
  
  9354c11d075761d4a8b1e63905950044e370e75db166ea3119a33e2de4874e9c9983ca4dd4be114a2a6ad390d8fa7712c49b441432bf7c741448ba6cf423c5aa
Score

10^/10

buer loader
- Buer
  Buer is a new modular loader first seen in August 2019.
  loader buer
- Buer Loader
  Detects Buer loader in memory or disk.
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy