Extracted

• • Target

    14dd52af1b4ce65abf73c7b479f4af42102b3891494186118112406a1e0d5bf8

  • Size

    1.9MB

  • MD5

    c5cc5ae8f7a33279195ff44c3f8ddcce

  • SHA1

    b308572cfbb7e70fa4cbca64676974b448641436

  • SHA256

    14dd52af1b4ce65abf73c7b479f4af42102b3891494186118112406a1e0d5bf8

  • SHA512

    ac4ec63dae4985f19f1ffe642c9436d8abab0d5248a44e6fe372aad242dea3922eea06a051a141fb63bf8edfe00c2ffc7759971e4782ce2a0c48f963f751c54e

  Score

  10^/10

  evasionbuerloader

  • Buer

    Buer is a new modular loader first seen in August 2019.

    loaderbuer

  • Buer Loader

    Detects Buer loader in memory or disk.

    loader

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2