buer | ba5fa7cc1a918b866354f4a5d9d92ceb3965ff81eb96e1608f190bccf12d38e6 | Triage

Sharing

General

Target

ba5fa7cc1a918b866354f4a5d9d92ceb3965ff81eb96e1608f190bccf12d38e6
Size

89KB
Sample

220201-lcj32scfg6
MD5

96f008e97e84f07d643548ca503d7930
SHA1

7f0d5571b331b681e1689a2fda251329dcfa527f
SHA256

ba5fa7cc1a918b866354f4a5d9d92ceb3965ff81eb96e1608f190bccf12d38e6
SHA512

55633a88d52c46e286153c94698ec6fad8d7ecfe1d0cd48873117f9dca9f8b6681236e07a1f3d827ed57bbc7b4758060a4482d30b21cc52119680a8e603d3b64

Score

10^/10

buer loader persistence

Malware Config

Extracted

Family

buer

C2

https://syndicationtwimg.site/

Targets

- Target
  
  ba5fa7cc1a918b866354f4a5d9d92ceb3965ff81eb96e1608f190bccf12d38e6
- Size
  
  89KB
- MD5
  
  96f008e97e84f07d643548ca503d7930
- SHA1
  
  7f0d5571b331b681e1689a2fda251329dcfa527f
- SHA256
  
  ba5fa7cc1a918b866354f4a5d9d92ceb3965ff81eb96e1608f190bccf12d38e6
- SHA512
  
  55633a88d52c46e286153c94698ec6fad8d7ecfe1d0cd48873117f9dca9f8b6681236e07a1f3d827ed57bbc7b4758060a4482d30b21cc52119680a8e603d3b64
Score

10^/10

buer loader persistence
- Buer
  Buer is a new modular loader first seen in August 2019.
  loader buer
- Modifies WinLogon for persistence
  persistence
- Buer Loader
  Detects Buer loader in memory or disk.
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

buerloaderpersistence

behavioral2