buer | faa12e0d9880f402976d0bb6372e0699e7374f58a406d62840e373831d956b8d | Triage

Analysis

max time kernel
162s
max time network
192s
platform
windows10-2004_x64
resource
win10v2004-en-20220113
submitted
24-03-2022 09:51

Sharing

Report Analysis Logs

General

Target

faa12e0d9880f402976d0bb6372e0699e7374f58a406d62840e373831d956b8d.exe
Size

288KB
MD5

67ddb94deaeb47edc5d7457be54fad31
SHA1

1145793179ee3496c5cf6f1005d1db535d70bf69
SHA256

faa12e0d9880f402976d0bb6372e0699e7374f58a406d62840e373831d956b8d
SHA512

ec5bc51eee78d09eae3d4e93a7f2d5309440113a488b380485204814b48a3e9ac46a8f541f1dfbaafc2a05b436b38cf46f7924f5fb2d2d3dc9e8d345f8d0ca53

Score

10^/10

buer loader

Malware Config

Extracted

Family

buer

C2

officewestunionbank.com

bankcreditsign.com

Signatures

Buer
Buer is a new modular loader first seen in August 2019.
loader buer

Buer Loader 2 IoCs

Detects Buer loader in memory or disk.

resource	yara_rule
behavioral2/memory/2680-131-0x0000000000760000-0x0000000000767000-memory.dmp	buer
behavioral2/memory/2680-132-0x0000000040000000-0x00000000407B4000-memory.dmp	buer

C:\Users\Admin\AppData\Local\Temp\faa12e0d9880f402976d0bb6372e0699e7374f58a406d62840e373831d956b8d.exe
"C:\Users\Admin\AppData\Local\Temp\faa12e0d9880f402976d0bb6372e0699e7374f58a406d62840e373831d956b8d.exe"
1⤵
PID:2680

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2680-130-0x0000000000750000-0x0000000000755000-memory.dmp

Filesize
20KB

Download
memory/2680-131-0x0000000000760000-0x0000000000767000-memory.dmp

Filesize
28KB

Download
memory/2680-132-0x0000000040000000-0x00000000407B4000-memory.dmp

Filesize
7.7MB

Download