buer | 9b6b1c78310d6db88d9809d68e486388166fe5298c6c5f2c58d7726069ab609e | Triage

Analysis

max time kernel
12s
max time network
110s
platform
windows10_x64
resource
win10v20201028
submitted
11-03-2021 20:46

Sharing

Report Analysis Logs

General

Target

OfficeDocument.exe
Size

268KB
MD5

4a390ee0059d13629b242bde09f597a3
SHA1

3ec00cfacefe739fff9e7de17cab8726e9eef5e3
SHA256

9b6b1c78310d6db88d9809d68e486388166fe5298c6c5f2c58d7726069ab609e
SHA512

3b398e7a3b6512d4239a2d604d362d29619b6041a45ba28d9874ee4c3a30108c96ff23dbbb885448eafc0373d3995904ab360f6465acb7fc20e3f995a7f9a5ab

Score

10^/10

buer loader

Malware Config

Extracted

Family

buer

C2

megawesternbank.com

Signatures

Buer
Buer is a new modular loader first seen in August 2019.
loader buer

Buer Loader 2 IoCs

Detects Buer loader in memory or disk.

resource	yara_rule
behavioral2/memory/880-3-0x0000000000030000-0x0000000000038000-memory.dmp	buer
behavioral2/memory/880-4-0x0000000040000000-0x000000004000A000-memory.dmp	buer

C:\Users\Admin\AppData\Local\Temp\OfficeDocument.exe
"C:\Users\Admin\AppData\Local\Temp\OfficeDocument.exe"
1⤵
PID:880

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/880-2-0x00000000009B0000-0x00000000009B1000-memory.dmp

Filesize
4KB

Download
memory/880-3-0x0000000000030000-0x0000000000038000-memory.dmp

Filesize
32KB

Download
memory/880-4-0x0000000040000000-0x000000004000A000-memory.dmp

Filesize
40KB

Download