buer | 2ab0259da85215561573043bdec94b68e0e2cf391de21ef69f5f03b16020fe62 | Triage

Sharing

General

Target

70984b87_by_Libranalysis
Size

22KB
Sample

210514-424r5jrx9n
MD5

70984b874999940634832f629fadc7e2
SHA1

a904157e2027e98f651f8186998c8c9a4d5981d5
SHA256

2ab0259da85215561573043bdec94b68e0e2cf391de21ef69f5f03b16020fe62
SHA512

b23415a9c623a8d28759ad740a39fa2f57d41e8a0577da6015c9ad1a4dc002bd2e41b015915200f1ac1629c4829ab5a192a0a3eaed856648df657e1f84a06213

Score

10^/10

buer loader persistence

Malware Config

Extracted

Family

buer

C2

https://162.244.81.87/

http://162.244.81.87:8080/

Targets

- Target
  
  214053f.bin
- Size
  
  38KB
- MD5
  
  1f4ce9581d372c6297794233cbeca1ea
- SHA1
  
  c9661c46db129433e350d1ca3fd0ebd79b190f88
- SHA256
  
  f23db00ee052d07bf66ce6aa644ead488e182dfb21c4c5c42bb9677db839a310
- SHA512
  
  571c4a811586bf26b3de8cbcc59be0b27f4fb58826844e8ef73dcf8c61af8c918dd8c06f42339867b4877f00ab11e8ec8d1901afbde57e967748ccd23425447f
Score

10^/10

buer loader persistence
- Buer
  Buer is a new modular loader first seen in August 2019.
  loader buer
- Modifies WinLogon for persistence
  persistence
- Buer Loader
  Detects Buer loader in memory or disk.
- Executes dropped EXE
- Deletes itself
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

buerloaderpersistence