General
-
Target
2.exe
-
Size
36KB
-
Sample
220224-2xjwsafahn
-
MD5
4d85e1d2cff1f97e149e345a19928ad9
-
SHA1
2c1c6df0d80940bed3576ba89bd8b0f29654bb17
-
SHA256
7c70ee2493d0ccc41cf42d9ef1f478d235bb09fa98eb1e991d7f4bccac818bf0
-
SHA512
d0afa20c1cf1fbdb197dc846e862478fa156b1331b4b4cf1e96520c7981c87de2c25c0dbdebcf6749212c56f70443b3792a133e1261210cf1298358535221f1f
Malware Config
Extracted
buer
https://gstatiknetiplist.cc/
https://gstatiknetiplist.com/
Targets
-
-
Target
2.exe
-
Size
36KB
-
MD5
4d85e1d2cff1f97e149e345a19928ad9
-
SHA1
2c1c6df0d80940bed3576ba89bd8b0f29654bb17
-
SHA256
7c70ee2493d0ccc41cf42d9ef1f478d235bb09fa98eb1e991d7f4bccac818bf0
-
SHA512
d0afa20c1cf1fbdb197dc846e862478fa156b1331b4b4cf1e96520c7981c87de2c25c0dbdebcf6749212c56f70443b3792a133e1261210cf1298358535221f1f
Score10/10-
Buer
Buer is a new modular loader first seen in August 2019.
-
Modifies WinLogon for persistence
-
Buer Loader
Detects Buer loader in memory or disk.
-
Executes dropped EXE
-
Deletes itself
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-