buer | 61feca446ab393ad4a1ccbb92623ee847b08862ef4b6cac5ff2b0c0976abc6b5 | Triage

Sharing

General

Target

61feca446ab393ad4a1ccbb92623ee847b08862ef4b6cac5ff2b0c0976abc6b5
Size

657KB
Sample

211128-z1qsdsaffm
MD5

ef93f30fe316bfdaacd4076b59b6e804
SHA1

0bfe39ff3250d91c890b50895b4612f3eac5bf4a
SHA256

61feca446ab393ad4a1ccbb92623ee847b08862ef4b6cac5ff2b0c0976abc6b5
SHA512

ad033691cc215c13ee2fb18adc82f3f90dfe0b51088588c630955436d36980d570acae0d45500e073e71cf556b37c20a40e6505983a2026fbe6a03ecb40d9b49

Score

10^/10

buer loader persistence

Malware Config

Extracted

Family

buer

C2

https://mesoplano.com/

https://banusle.top/

Targets

- Target
  
  61feca446ab393ad4a1ccbb92623ee847b08862ef4b6cac5ff2b0c0976abc6b5
- Size
  
  657KB
- MD5
  
  ef93f30fe316bfdaacd4076b59b6e804
- SHA1
  
  0bfe39ff3250d91c890b50895b4612f3eac5bf4a
- SHA256
  
  61feca446ab393ad4a1ccbb92623ee847b08862ef4b6cac5ff2b0c0976abc6b5
- SHA512
  
  ad033691cc215c13ee2fb18adc82f3f90dfe0b51088588c630955436d36980d570acae0d45500e073e71cf556b37c20a40e6505983a2026fbe6a03ecb40d9b49
Score

10^/10

buer loader persistence
- Buer
  Buer is a new modular loader first seen in August 2019.
  loader buer
- Modifies WinLogon for persistence
  persistence
- Buer Loader
  Detects Buer loader in memory or disk.
- Executes dropped EXE
- Deletes itself
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

buerloaderpersistence