General

  • Target

    Invoice267782.xls

  • Size

    254KB

  • Sample

    210203-yqqxsyd68j

  • MD5

    7e15415b138af90c8388aa309276ef7e

  • SHA1

    23aba1aaf9d35894333fe29c86f76a236f602bdd

  • SHA256

    5fdb1b3df88e49123804cb3cbdfee96b1e29371ca7ac6f27e3c57228a563aa10

  • SHA512

    a275f4292dde13441d9dab4bd48b1acd9e88f7b1fbabd55dd33bced1f085d9b6d1b79121edda8fb99f8ae05d184d3e94940d14a4da6156094ead4620a1e12ea6

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • URLs (xlm40.dropper)

    https://nongsanxanhsach.com/licenser.txt

Extracted

  • Family

    buer

  • C2

    webgraitupeople.com
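
The extracted config marks the first stage as xlm4.0, i.e. an Excel 4.0 (XLM) macro sheet rather than VBA: the payload URL is fetched by formulas on a macro sheet that is usually hidden or "very hidden", and execution is triggered by a defined name such as Auto_Open, often itself flagged hidden. A quick static check for that pattern in a BIFF8 .xls is to walk the workbook-globals records and list BOUNDSHEET entries with the macro-sheet type and Lbl entries carrying an auto-exec built-in name. The script below is an added example, not part of this report or the sandbox's own tooling. It runs on constructed record streams embedded inline (the sheet names Sheet1 and Macro1 and the file offsets are made up; the analysed sample's actual sheet layout is not on this page), and the `load_workbook_stream` helper shows how the same parser would be fed from a real file via the third-party olefile package.

```python
"""Triage helper for Excel 4.0 (XLM) droppers: list macro sheets and auto-exec
defined names from a BIFF8 "Workbook" stream.  Added example, not the sandbox's
own tooling.  Record layouts follow [MS-XLS] BoundSheet8 (0x0085) and Lbl (0x0018)."""
import struct

BOUNDSHEET, LBL, BOF, EOF_REC = 0x0085, 0x0018, 0x0809, 0x000A
SHEET_TYPES = {0x00: "worksheet", 0x01: "macro sheet", 0x02: "chart", 0x06: "VBA module"}
VISIBILITY = {0: "visible", 1: "hidden", 2: "very hidden"}
# Built-in name codes carried by an Lbl record with fBuiltin set.
BUILTIN_NAMES = {0x01: "Auto_Open", 0x02: "Auto_Close",
                 0x0A: "Auto_Activate", 0x0B: "Auto_Deactivate"}


def iter_records(stream):
    """Yield (record type, payload) for the workbook-globals substream only.
    BOUNDSHEET and Lbl records all live there, so stop at its EOF instead of
    walking into the per-sheet substreams that follow."""
    off = 0
    while off + 4 <= len(stream):
        rt, cb = struct.unpack_from("<HH", stream, off)
        yield rt, stream[off + 4: off + 4 + cb]
        off += 4 + cb
        if rt == EOF_REC:
            break


def _xl_string(buf, cch, off):
    """fHighByte flag byte followed by cch characters (8-bit or UTF-16LE)."""
    if buf[off] & 0x01:
        return buf[off + 1: off + 1 + 2 * cch].decode("utf-16-le")
    return buf[off + 1: off + 1 + cch].decode("latin-1")


def parse_boundsheet(data):
    # lbPlyPos (4) | hsState in low 2 bits (1) | dt (1) | cch (1) | string
    pos, hs, dt, cch = struct.unpack_from("<IBBB", data, 0)
    return {"name": _xl_string(data, cch, 7), "offset": pos,
            "type": SHEET_TYPES.get(dt, "unknown(0x%02x)" % dt),
            "visibility": VISIBILITY.get(hs & 0x03, "reserved")}


def parse_lbl(data):
    # flags (2) | chKey (1) | cch (1) | cce (2) | reserved (2) | itab (2) | reserved (4) | name
    flags, _key, cch, _cce, _r, itab = struct.unpack_from("<HBBHHH", data, 0)
    if flags & 0x0020:                       # fBuiltin: name is a one-byte code
        code = data[15]
        name = BUILTIN_NAMES.get(code, "builtin(0x%02x)" % code)
    else:
        name = _xl_string(data, cch, 14)
    # itab is 1-based; 0 means workbook-global scope
    return {"name": name, "hidden": bool(flags & 0x0001), "sheet": itab}


def triage(stream):
    """Summarise XLM indicators: macro sheets (especially hidden/very hidden)
    and auto-exec names such as Auto_Open.  Either is enough to flag the file."""
    sheets, names = [], []
    for rt, data in iter_records(stream):
        if rt == BOUNDSHEET:
            sheets.append(parse_boundsheet(data))
        elif rt == LBL:
            names.append(parse_lbl(data))
    macro = [s for s in sheets if s["type"] == "macro sheet"]
    auto = [n for n in names if n["name"].startswith("Auto_")]
    return {"macro_sheets": macro, "auto_exec": auto,
            "suspicious": bool(macro or auto)}


def load_workbook_stream(path):
    """Pull the raw Workbook stream out of a real .xls (OLE2) file.
    BIFF5 files name the stream "Book" instead; this helper assumes BIFF8."""
    import olefile                            # pip install olefile
    ole = olefile.OleFileIO(path)
    try:
        return ole.openstream("Workbook").read()
    finally:
        ole.close()


# --- constructed test data (not bytes from the analysed sample) -------------
def _rec(rt, payload):
    return struct.pack("<HH", rt, len(payload)) + payload

def _boundsheet(name, dt, hs_state, pos):
    body = struct.pack("<IBBBB", pos, hs_state, dt, len(name), 0) + name.encode("latin-1")
    return _rec(BOUNDSHEET, body)

def _builtin_lbl(code, itab, hidden):
    flags = 0x0020 | (0x0001 if hidden else 0)
    return _rec(LBL, struct.pack("<HBBHHH", flags, 0, 1, 0, 0, itab) + b"\x00" * 4 + bytes([0, code]))

_BOF = _rec(BOF, struct.pack("<HH", 0x0600, 0x0005) + b"\x00" * 12)   # BIFF8 workbook globals
CLEAN_STREAM = _BOF + _boundsheet("Sheet1", 0x00, 0, 0x0400) + _rec(EOF_REC, b"")
# Sheet order: Sheet1 (visible worksheet), Macro1 (very hidden XLM sheet);
# a hidden built-in Auto_Open name scoped to sheet 2 fires the macro on open.
DROPPER_STREAM = (_BOF + _boundsheet("Sheet1", 0x00, 0, 0x0400)
                  + _boundsheet("Macro1", 0x01, 2, 0x0800)
                  + _builtin_lbl(0x01, 2, hidden=True) + _rec(EOF_REC, b""))

if __name__ == "__main__":
    for label, s in (("clean", CLEAN_STREAM), ("dropper", DROPPER_STREAM)):
        print(label, triage(s))
```

Run it against a real file with `triage(load_workbook_stream("Invoice267782.xls"))`. A very hidden macro sheet plus a hidden Auto_Open name is the classic XLM dropper layout; a legitimate workbook almost never has either. The parser deliberately stops at the first EOF so it never has to interpret per-sheet formula records, which is also why it tells you nothing about what the macro does (for that, dump the macro sheet's formulas or let the sandbox emulate them, as it did here to recover the licenser.txt URL). It covers only the binary .xls format; XLM in an .xlsm lives under xl/macrosheets/ in the zip and needs a different check.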

Targets

    • Target

      Invoice267782.xls

    • Size

      254KB

    • MD5

      7e15415b138af90c8388aa309276ef7e

    • SHA1

      23aba1aaf9d35894333fe29c86f76a236f602bdd

    • SHA256

      5fdb1b3df88e49123804cb3cbdfee96b1e29371ca7ac6f27e3c57228a563aa10

    • SHA512

      a275f4292dde13441d9dab4bd48b1acd9e88f7b1fbabd55dd33bced1f085d9b6d1b79121edda8fb99f8ae05d184d3e94940d14a4da6156094ead4620a1e12ea6

    Score
    10/10
    • Buer

      Buer is a new modular loader first seen in August 2019.

    • Buer Loader

      Detects Buer loader in memory or disk.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks