buer | 75c82c63584c1f0abdbb0dbb6eb035e2e9f56110becb07faac43ff7ef5349709 | Triage

Submit
Reports

Overview

overview

Static

static

Invoice_8003346.xlsm

windows7_x64

Invoice_8003346.xlsm

windows10_x64

Sharing

General

Target

Invoice_8003346_D7AB819708954E9278B9F972617DE716.zip
Size

29KB
Sample

210302-j3ny4dqelx
MD5

b34050327e6e474169935eb8943a964b
SHA1

d4ffc9b3f18fbcacd4d48bc54018704f3a3aae79
SHA256

75c82c63584c1f0abdbb0dbb6eb035e2e9f56110becb07faac43ff7ef5349709
SHA512

32780b42c23b6e4917fe7d220210b075afd74e7af5557af7ada4dd9a7ae36357197760fc5be1015ddd48982b5e945e16795a06aab4752a90ed5316f8a0e1ffd5

Score

10^/10

buer loader

Static task

static1

Behavioral task

behavioral1

Sample

Invoice_8003346.xlsm

Resource

win7v20201028

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Invoice_8003346.xlsm

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://safedot.digital/pp

Extracted

Family

buer

C2

verstudiosan.com

Targets

- Target
  
  Invoice_8003346
- Size
  
  36KB
- MD5
  
  d7ab819708954e9278b9f972617de716
- SHA1
  
  c7b357e405a626b59099375deece067bdcebde10
- SHA256
  
  982fc27ec64259a058d2786546715915da3b0a8e9a730874656e5aaa642132b6
- SHA512
  
  2332fe94341446ea7c804e78231bf5a1f81957dabdd6d760d306c7853285bbed9d1b296921fb9d0258c0c424b09b385365182049154e816c9ee77a3ccc1d5ab3
Score

10^/10

buer loader
- Buer
  Buer is a new modular loader first seen in August 2019.
  loader buer
- Buer Loader
  Detects Buer loader in memory or disk.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy