buer | 045a7318a9e2e550208c0c7e9fc805068df19fa73823ac3acaa049a46c4045ee | Triage

Submit
Reports

Overview

overview

Static

static

1

test

windows7_x64

Resubmissions

01-03-2021 12:39

210301-hljgx9mjf6 10

01-03-2021 09:44

210301-j2zt4ynxgn 10

Sharing

General

Target

045a7318a9e2e550208c0c7e9fc805068df19fa73823ac3acaa049a46c4045ee
Size

273KB
Sample

210301-hljgx9mjf6
MD5

1ddd876da3731823324ffa302ddddcba
SHA1

2f6d73554c05dbda6cd738a2f38d5cdae2cdd4b7
SHA256

045a7318a9e2e550208c0c7e9fc805068df19fa73823ac3acaa049a46c4045ee
SHA512

88f453489949abdf85f733b746c7d1983ccd84d8c528840fdd749c207d97acb1ef3b87487e0f4eb3a9965450c51b3bf2230ad0dfff0b6c6b318b24b6c24911c5

Score

10^/10

buer loader

Static task

static1

Behavioral task

behavioral1

Sample

045a7318a9e2e550208c0c7e9fc805068df19fa73823ac3acaa049a46c4045ee.exe

Resource

win7v20201028

windows7_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

buer

C2

shetylo-v1.com

Targets

- Target
  
  045a7318a9e2e550208c0c7e9fc805068df19fa73823ac3acaa049a46c4045ee
- Size
  
  273KB
- MD5
  
  1ddd876da3731823324ffa302ddddcba
- SHA1
  
  2f6d73554c05dbda6cd738a2f38d5cdae2cdd4b7
- SHA256
  
  045a7318a9e2e550208c0c7e9fc805068df19fa73823ac3acaa049a46c4045ee
- SHA512
  
  88f453489949abdf85f733b746c7d1983ccd84d8c528840fdd749c207d97acb1ef3b87487e0f4eb3a9965450c51b3bf2230ad0dfff0b6c6b318b24b6c24911c5
Score

10^/10

buer loader
- Buer
  Buer is a new modular loader first seen in August 2019.
  loader buer
- Buer Loader
  Detects Buer loader in memory or disk.
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2024

Terms | Privacy