Analysis
-
max time kernel
15s -
max time network
107s -
platform
windows10_x64 -
resource
win10v20201028 -
submitted
02-02-2021 14:16
General
-
Target
SecuriteInfo.com.Trojan.BuerLoader.1.17897.26464.exe
-
Size
83KB
-
MD5
f7fc343cbf86f08c7b529ab451677752
-
SHA1
1ef5d87b03502389362fa7a2aa3931b5e3e34353
-
SHA256
e81d26edffa4b4570584bd1cb36211587108dfbbfc24f303a2c3e261cc3c59c1
-
SHA512
c77f3ac253edd3f2bdd23593c098d5de2e4fdeae7f8dadb04a1da49a8d984b4a790a9a0e538eafad7e22075b9f6527cc387dc8c4920f15fcaa09c4048a1e0a37
Score
10/10
Malware Config
Extracted
Family
buer
C2
tokacpebanking.com
Signatures
-
Buer
Buer is a new modular loader first seen in August 2019.
-
Buer Loader 1 IoCs
Detects Buer loader in memory or disk.
-
Loads dropped DLL 1 IoCs
-
Suspicious use of SetThreadContext 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious behavior: MapViewOfSection 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.BuerLoader.1.17897.26464.exe"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.BuerLoader.1.17897.26464.exe"1⤵
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.BuerLoader.1.17897.26464.exe"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.BuerLoader.1.17897.26464.exe"2⤵
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
40KB