buer | a2b449ab72691674851d3fc438c23f31f8dd141adf77c13adfc9816edb58eae2 | Triage

Analysis

max time kernel
4294181s
max time network
124s
platform
windows7_x64
resource
win7-20220223-en
submitted
06-03-2022 20:37

Sharing

Report Analysis Logs

General

Target

a2b449ab72691674851d3fc438c23f31f8dd141adf77c13adfc9816edb58eae2.exe
Size

151KB
MD5

84010e9134560c8c4f2ac496743b498f
SHA1

9f55ea43c2c1a036e2f52417905de33f4f887fd3
SHA256

a2b449ab72691674851d3fc438c23f31f8dd141adf77c13adfc9816edb58eae2
SHA512

87f144e7c4a875eeda939002a63ef602d115a3a112770b37f25b5bb79998003cf1b8415e1c8df1d89e66e5ca46e113acbb4bd95960c0d1f64e65bc865e88443d

Score

10^/10

buer loader

Malware Config

Extracted

Family

buer

C2

officewestunionbank.com

bankcreditsign.com

Signatures

Buer
Buer is a new modular loader first seen in August 2019.
loader buer

Buer Loader 2 IoCs

Detects Buer loader in memory or disk.

resource	yara_rule
behavioral1/memory/2040-56-0x0000000000030000-0x0000000000037000-memory.dmp	buer
behavioral1/memory/2040-57-0x0000000040000000-0x00000000400CF000-memory.dmp	buer

C:\Users\Admin\AppData\Local\Temp\a2b449ab72691674851d3fc438c23f31f8dd141adf77c13adfc9816edb58eae2.exe
"C:\Users\Admin\AppData\Local\Temp\a2b449ab72691674851d3fc438c23f31f8dd141adf77c13adfc9816edb58eae2.exe"
1⤵
PID:2040

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2040-54-0x00000000004A9000-0x00000000004AF000-memory.dmp

Filesize
24KB

Download
memory/2040-56-0x0000000000030000-0x0000000000037000-memory.dmp

Filesize
28KB

Download
memory/2040-55-0x00000000004A9000-0x00000000004AF000-memory.dmp

Filesize
24KB

Download
memory/2040-57-0x0000000040000000-0x00000000400CF000-memory.dmp

Filesize
828KB

Download