buer | ef0e8df5c700e64d5d2e8dde4c9b5c117abfc919c676ff383019c585e8e367b0 | Triage

Sharing

General

Target

ef0e8df5c700e64d5d2e8dde4c9b5c117abfc919c676ff383019c585e8e367b0
Size

814KB
Sample

220201-c7bwgsgad5
MD5

3e3563c9eb5692e5ef8957b5cccc6388
SHA1

741e0d1c224e813fbc77b379ae8cd75f99f05821
SHA256

ef0e8df5c700e64d5d2e8dde4c9b5c117abfc919c676ff383019c585e8e367b0
SHA512

4fef9a80fcec9464e3023664045a9f7592e2393026e1197545bb6f0a87c2837c7a1c0c2e56eae4b7258136901eb096660463aab7499460c9a1b91037fe273849

Score

10^/10

buer loader persistence

Malware Config

Extracted

Family

buer

C2

http://mainserver.host/

http://reservestation.host/

Targets

- Target
  
  ef0e8df5c700e64d5d2e8dde4c9b5c117abfc919c676ff383019c585e8e367b0
- Size
  
  814KB
- MD5
  
  3e3563c9eb5692e5ef8957b5cccc6388
- SHA1
  
  741e0d1c224e813fbc77b379ae8cd75f99f05821
- SHA256
  
  ef0e8df5c700e64d5d2e8dde4c9b5c117abfc919c676ff383019c585e8e367b0
- SHA512
  
  4fef9a80fcec9464e3023664045a9f7592e2393026e1197545bb6f0a87c2837c7a1c0c2e56eae4b7258136901eb096660463aab7499460c9a1b91037fe273849
Score

10^/10

buer loader persistence
- Buer
  Buer is a new modular loader first seen in August 2019.
  loader buer
- Modifies WinLogon for persistence
  persistence
- Buer Loader
  Detects Buer loader in memory or disk.
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

buerloaderpersistence

behavioral2