General

  • Target

    Private file #3741119.xls

  • Size

    90KB

  • Sample

    210309-exwdyqlgj6

  • MD5

    764d3e3bf1bd4c9fe1a06e6c7ce511cd

  • SHA1

    95e56031bf5ddb9b5aeed9e9f1d2d92410f69490

  • SHA256

    ddd23286a06e4a24ae80188fd959f6f1aff568c133c27e74b5ff98b14695ff70

  • SHA512

    5008a03926dd1420883ca172dc2dd28c6cb807813a38ceb16630742a35b1fad83a4014e829e811d13f3538df993cb59f869438992b6b9de152f44eff04565b14

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

    xlm40.dropper

  • URLs

    https://techlog.xyz/page.icore

Extracted

  • Family

    buer

  • C2

    miyfandecompany.com

Targets

    • Target

      Private file #3741119.xls

    • Buer

      Buer is a new modular loader first seen in August 2019.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Buer Loader

      Detects Buer loader in memory or disk.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Defense Evasion

  • Modify Registry (T1112): 1

Discovery

  • System Information Discovery (T1082): 3

  • Query Registry (T1012): 2

Tasks