buer | 45763478ad7f43aa83ebaaea28bafaac6835bec45bf8c6948cf5dd454b6e30c7 | Triage

Submit
Reports

Overview

overview

Static

static

45763478ad...c7.exe

windows7_x64

45763478ad...c7.exe

windows10-2004_x64

Sharing

General

Target

45763478ad7f43aa83ebaaea28bafaac6835bec45bf8c6948cf5dd454b6e30c7
Size

96KB
Sample

220201-mjle5addh4
MD5

47c011a8f2bab4077182cff452c36608
SHA1

edbeed7e8b4f56502bd600d8770e786936e8e8d0
SHA256

45763478ad7f43aa83ebaaea28bafaac6835bec45bf8c6948cf5dd454b6e30c7
SHA512

2531647ab6aebf1c7d714225f3a724b875852ff9cf461eeb6be27ea6d7251f332edc2b2b1ce6907c6fa2f00a0e83c3f7ea27ea02f5c824f0dcd6efb313aa2e01

Score

10^/10

buer loader persistence

Static task

static1

Behavioral task

behavioral1

Sample

45763478ad7f43aa83ebaaea28bafaac6835bec45bf8c6948cf5dd454b6e30c7.exe

Resource

win7-en-20211208

buer loader persistence

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

45763478ad7f43aa83ebaaea28bafaac6835bec45bf8c6948cf5dd454b6e30c7.exe

Resource

win10v2004-en-20220112

buer loader persistence

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

buer

C2

https://mesoplano.com/

https://banusle.top/

Targets

- Target
  
  45763478ad7f43aa83ebaaea28bafaac6835bec45bf8c6948cf5dd454b6e30c7
- Size
  
  96KB
- MD5
  
  47c011a8f2bab4077182cff452c36608
- SHA1
  
  edbeed7e8b4f56502bd600d8770e786936e8e8d0
- SHA256
  
  45763478ad7f43aa83ebaaea28bafaac6835bec45bf8c6948cf5dd454b6e30c7
- SHA512
  
  2531647ab6aebf1c7d714225f3a724b875852ff9cf461eeb6be27ea6d7251f332edc2b2b1ce6907c6fa2f00a0e83c3f7ea27ea02f5c824f0dcd6efb313aa2e01
Score

10^/10

buer loader persistence
- Buer
  Buer is a new modular loader first seen in August 2019.
  loader buer
- Modifies WinLogon for persistence
  persistence
- Buer Loader
  Detects Buer loader in memory or disk.
- Executes dropped EXE
- Sets service image path in registry
  persistence
- Deletes itself
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

buerloaderpersistence

behavioral2

buerloaderpersistence

© 2018-2025

Terms | Privacy