buer | 522a42c27449aba54fa539f28082f1ddc2e8e6ea4f3dd29141f702a5ad82e29f | Triage

Sharing

General

Target

522a42c27449aba54fa539f28082f1ddc2e8e6ea4f3dd29141f702a5ad82e29f
Size

277KB
Sample

220205-ta4zfadbhk
MD5

87458f08d1c715853dfcbdc7510566be
SHA1

7b1a5d9bb21d852a6dbf3146fabb1cd1ca276ed9
SHA256

522a42c27449aba54fa539f28082f1ddc2e8e6ea4f3dd29141f702a5ad82e29f
SHA512

ed91a9a42c494076d5a57bde8d8c3247e8fa1bcf85af8e36e304d9dfd00223b2f4f306c1b3474d3afe7d6b2f9f77dc7b579d3d7b96770699d88e947dc2c685c3

Score

10^/10

buer loader persistence

Malware Config

Extracted

Family

buer

C2

https://cloudupdates.co.za/

https:///securitycloudserver.co.za/

Targets

- Target
  
  522a42c27449aba54fa539f28082f1ddc2e8e6ea4f3dd29141f702a5ad82e29f
- Size
  
  277KB
- MD5
  
  87458f08d1c715853dfcbdc7510566be
- SHA1
  
  7b1a5d9bb21d852a6dbf3146fabb1cd1ca276ed9
- SHA256
  
  522a42c27449aba54fa539f28082f1ddc2e8e6ea4f3dd29141f702a5ad82e29f
- SHA512
  
  ed91a9a42c494076d5a57bde8d8c3247e8fa1bcf85af8e36e304d9dfd00223b2f4f306c1b3474d3afe7d6b2f9f77dc7b579d3d7b96770699d88e947dc2c685c3
Score

10^/10

buer loader persistence
- Buer
  Buer is a new modular loader first seen in August 2019.
  loader buer
- Modifies WinLogon for persistence
  persistence
- Buer Loader
  Detects Buer loader in memory or disk.
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

buerloaderpersistence

behavioral2