buer | 63e6f759e7978643e5b7998f737688b8a5c08ad0ce843ba20822c7d9125e4714 | Triage

Submit
Reports

Overview

overview

Static

static

Private document.docm

windows7_x64

Private document.docm

windows10_x64

Sharing

General

Target

Private document.docm
Size

2.0MB
Sample

210315-fk2mczj2hn
MD5

526e3392d7634da433db9ae9dce6a9b6
SHA1

f182af125f4b8b0953ab2755e50dc5a8ba3294c9
SHA256

63e6f759e7978643e5b7998f737688b8a5c08ad0ce843ba20822c7d9125e4714
SHA512

961d2b015376d723023f55659b9c1d3f7bdccf934d73c751cb7acf1fa8685a5e88308c8feb31bc132487d243c060b2fdcd2c176a1d1dd23d0c22339f342aeab1

Score

10^/10

buer loader

Static task

static1

Behavioral task

behavioral1

Sample

Private document.docm

Resource

win7v20201028

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Private document.docm

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

buer

C2

cembank-api.com

Targets

- Target
  
  Private document.docm
- Size
  
  2.0MB
- MD5
  
  526e3392d7634da433db9ae9dce6a9b6
- SHA1
  
  f182af125f4b8b0953ab2755e50dc5a8ba3294c9
- SHA256
  
  63e6f759e7978643e5b7998f737688b8a5c08ad0ce843ba20822c7d9125e4714
- SHA512
  
  961d2b015376d723023f55659b9c1d3f7bdccf934d73c751cb7acf1fa8685a5e88308c8feb31bc132487d243c060b2fdcd2c176a1d1dd23d0c22339f342aeab1
Score

10^/10

buer loader
- Buer
  Buer is a new modular loader first seen in August 2019.
  loader buer
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Buer Loader
  Detects Buer loader in memory or disk.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy