buer | 0c09ea2d5722a2484804bf8c4f051d66d8a95d23c19e5d1277a55cafd80b67be | Triage

Sharing

General

Target

0c09ea2d5722a2484804bf8c4f051d66d8a95d23c19e5d1277a55cafd80b67be
Size

128KB
Sample

220201-m2gjwsdcen
MD5

f35cd516f71e2cc4ade549a6487624ca
SHA1

64800a2f85e12090eea5109e05d969a08ae9850a
SHA256

0c09ea2d5722a2484804bf8c4f051d66d8a95d23c19e5d1277a55cafd80b67be
SHA512

866a549f65cc25c73b0087cf1fd769446f1d82aa38b24e211f6e517b481c02ee3d607055aaeab6be199a42e50f917920675f4c5079e7cf83606154165bdbb3fb

Score

10^/10

buer loader persistence

Malware Config

Extracted

Family

buer

C2

https://mesoplano.com/

https://banusle.top/

Targets

- Target
  
  0c09ea2d5722a2484804bf8c4f051d66d8a95d23c19e5d1277a55cafd80b67be
- Size
  
  128KB
- MD5
  
  f35cd516f71e2cc4ade549a6487624ca
- SHA1
  
  64800a2f85e12090eea5109e05d969a08ae9850a
- SHA256
  
  0c09ea2d5722a2484804bf8c4f051d66d8a95d23c19e5d1277a55cafd80b67be
- SHA512
  
  866a549f65cc25c73b0087cf1fd769446f1d82aa38b24e211f6e517b481c02ee3d607055aaeab6be199a42e50f917920675f4c5079e7cf83606154165bdbb3fb
Score

10^/10

buer loader persistence
- Buer
  Buer is a new modular loader first seen in August 2019.
  loader buer
- Modifies WinLogon for persistence
  persistence
- Buer Loader
  Detects Buer loader in memory or disk.
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

buerloaderpersistence

behavioral2