buer | f0d5752306469bc4c8f76bf5de66d43a78bc8d027827dfb12d032b2b5522dcdb | Triage

Analysis

max time kernel
61s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20220310-en
submitted
09-03-2022 13:23

Sharing

Report Analysis Logs

General

Target

f0d5752306469bc4c8f76bf5de66d43a78bc8d027827dfb12d032b2b5522dcdb.exe
Size

153KB
MD5

620e98de907158b4a6276e0204c50c14
SHA1

bfbee988f40e36ec319a67f09353e76561fc548a
SHA256

f0d5752306469bc4c8f76bf5de66d43a78bc8d027827dfb12d032b2b5522dcdb
SHA512

c77e3d98290055a57a04edc39a447f3500f9be926fa7f82af0b17760ae2c3e3d050060e19ce8f89a1b20e1ba6fa998c6ebebd4772875886309a1fdf84b536bb5

Score

10^/10

buer loader

Malware Config

Extracted

Family

buer

C2

officewestunionbank.com

bankcreditsign.com

Signatures

Buer
Buer is a new modular loader first seen in August 2019.
loader buer

Buer Loader 2 IoCs

Detects Buer loader in memory or disk.

resource	yara_rule
behavioral2/memory/4764-136-0x0000000000460000-0x0000000000467000-memory.dmp	buer
behavioral2/memory/4764-137-0x0000000040000000-0x00000000400CF000-memory.dmp	buer

C:\Users\Admin\AppData\Local\Temp\f0d5752306469bc4c8f76bf5de66d43a78bc8d027827dfb12d032b2b5522dcdb.exe
"C:\Users\Admin\AppData\Local\Temp\f0d5752306469bc4c8f76bf5de66d43a78bc8d027827dfb12d032b2b5522dcdb.exe"
1⤵
PID:4764

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4764-134-0x0000000000599000-0x000000000059F000-memory.dmp

Filesize
24KB

Download
memory/4764-135-0x0000000000599000-0x000000000059F000-memory.dmp

Filesize
24KB

Download
memory/4764-136-0x0000000000460000-0x0000000000467000-memory.dmp

Filesize
28KB

Download
memory/4764-137-0x0000000040000000-0x00000000400CF000-memory.dmp

Filesize
828KB

Download