buer | c9a0c4b9b99b21e01fe8c7b7f018ab375e0704481f5cb52c198a15110d156f41 | Triage

Analysis

max time kernel
132s
max time network
135s
platform
windows10-2004_x64
resource
win10v2004-en-20220113
submitted
09-03-2022 13:27

Sharing

Report Analysis Logs

General

Target

c9a0c4b9b99b21e01fe8c7b7f018ab375e0704481f5cb52c198a15110d156f41.exe
Size

151KB
MD5

b5f521aff44100c54e77e05937cf0622
SHA1

3b07c1e8a9961f811a4eb6564e19d75520e83b57
SHA256

c9a0c4b9b99b21e01fe8c7b7f018ab375e0704481f5cb52c198a15110d156f41
SHA512

724cf0b244ee8adfaa5de4f5f4a65b4eaa479a09bf86837eeda474445bc886d6a00ef1fa18d6a908e9a7f507045b2b50f61c40fadec1f65703325b1d76a9e27b

Score

10^/10

buer loader

Malware Config

Extracted

Family

buer

C2

officewestunionbank.com

bankcreditsign.com

Signatures

Buer
Buer is a new modular loader first seen in August 2019.
loader buer

Buer Loader 2 IoCs

Detects Buer loader in memory or disk.

resource	yara_rule
behavioral2/memory/2472-132-0x0000000000530000-0x0000000000537000-memory.dmp	buer
behavioral2/memory/2472-133-0x0000000040000000-0x00000000400CF000-memory.dmp	buer

C:\Users\Admin\AppData\Local\Temp\c9a0c4b9b99b21e01fe8c7b7f018ab375e0704481f5cb52c198a15110d156f41.exe
"C:\Users\Admin\AppData\Local\Temp\c9a0c4b9b99b21e01fe8c7b7f018ab375e0704481f5cb52c198a15110d156f41.exe"
1⤵
PID:2472

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2472-130-0x0000000000689000-0x000000000068F000-memory.dmp

Filesize
24KB

Download
memory/2472-131-0x0000000000689000-0x000000000068F000-memory.dmp

Filesize
24KB

Download
memory/2472-132-0x0000000000530000-0x0000000000537000-memory.dmp

Filesize
28KB

Download
memory/2472-133-0x0000000040000000-0x00000000400CF000-memory.dmp

Filesize
828KB

Download