buer | cda685d0e85b2f28c00d145da358edc3748357786455965af86a3b0b292051fd | Triage

Sharing

General

Target

cda685d0e85b2f28c00d145da358edc3748357786455965af86a3b0b292051fd
Size

103KB
Sample

220201-k6zj6acaan
MD5

35380d263bbcd4aaa5d158d10ba0f558
SHA1

80c4fabb2412d5482f8c76cf1683eb52d75dfd21
SHA256

cda685d0e85b2f28c00d145da358edc3748357786455965af86a3b0b292051fd
SHA512

7278884e121c16d1a023ac8fa865155b6bb910cdce3a647f869c4aee7f3c14b19f8ecefd931ab725ea66e814d40f33def871a42c03bcc26aad7c7fa918b8e2e3

Score

10^/10

buer loader persistence

Malware Config

Extracted

Family

buer

C2

https://mesoplano.com/

https://banusle.top/

Targets

- Target
  
  cda685d0e85b2f28c00d145da358edc3748357786455965af86a3b0b292051fd
- Size
  
  103KB
- MD5
  
  35380d263bbcd4aaa5d158d10ba0f558
- SHA1
  
  80c4fabb2412d5482f8c76cf1683eb52d75dfd21
- SHA256
  
  cda685d0e85b2f28c00d145da358edc3748357786455965af86a3b0b292051fd
- SHA512
  
  7278884e121c16d1a023ac8fa865155b6bb910cdce3a647f869c4aee7f3c14b19f8ecefd931ab725ea66e814d40f33def871a42c03bcc26aad7c7fa918b8e2e3
Score

10^/10

buer loader persistence
- Buer
  Buer is a new modular loader first seen in August 2019.
  loader buer
- Modifies WinLogon for persistence
  persistence
- Buer Loader
  Detects Buer loader in memory or disk.
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

buerloaderpersistence

behavioral2