SCD10093264.jpg.exe

General

Target: SCD10093264.jpg.exe
Size: 104KB
Sample: 210212-y931k5cqtn
Score: 10/10
MD5: 1fa27c5e084887e9e3a2e232d27e10e3
SHA1: a7c98a694753ed745e8618369d16e39c46cca1e7
SHA256: 41a4ee153b3c61cc8ed50de571e5b8f884de1c8c07332b7b31f238360832988c
SHA512: 81ecb5e4b3ea478f27509d1eafd106ec224fc0ccdfd411cb3b2345fc752d738f6300fd575a2941611e1763dce125364fb765a48835249cd7e7e33e28a01f40b5

Malware Config (Extracted)

Family: buer
C2: dtermalherbhos.com

Signatures

  • Buer
    Description: Buer is a new modular loader first seen in August 2019.

  • Suspicious use of NtCreateProcessExOtherParentProcess

  • Buer Loader
    Description: Detects Buer loader in memory or disk.

  • Loads dropped DLL

  • Enumerates connected drives
    Description: Attempts to read the root path of hard drives other than the default C: drive.
    TTPs: Query Registry, Peripheral Device Discovery, System Information Discovery

  • Suspicious use of SetThreadContext

Tasks

static1: 1/10
behavioral1: 10/10