buer | 69377f70dc61fe37d51443a5ce8a312aa7b682c61574b8ff02fef4e9d798133a | Triage

Submit
Reports

Overview

overview

Static

static

69377f70dc...3a.exe

windows7_x64

69377f70dc...3a.exe

windows10-2004_x64

Sharing

General

Target

69377f70dc61fe37d51443a5ce8a312aa7b682c61574b8ff02fef4e9d798133a
Size

300KB
Sample

220512-ntpe7sfhbm
MD5

b84cb1bf75e472973bed157bab410f04
SHA1

fe4d97e9fd68677ae1e1b459885b3979eabba445
SHA256

69377f70dc61fe37d51443a5ce8a312aa7b682c61574b8ff02fef4e9d798133a
SHA512

266128f62ef53d596196bed76ef94c9aef135f248a2c0a9b44a909bdff4613a048875d9a8debf7082e50eea29acb32891fd7edc535d085558a9250a5f402c9a8

Score

10^/10

buer loader persistence

Static task

static1

Behavioral task

behavioral1

Sample

69377f70dc61fe37d51443a5ce8a312aa7b682c61574b8ff02fef4e9d798133a.exe

Resource

win7-20220414-en

buer loader persistence

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

69377f70dc61fe37d51443a5ce8a312aa7b682c61574b8ff02fef4e9d798133a.exe

Resource

win10v2004-20220414-en

buer loader persistence

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

buer

C2

https://officewestunionbank.com/

Targets

- Target
  
  69377f70dc61fe37d51443a5ce8a312aa7b682c61574b8ff02fef4e9d798133a
- Size
  
  300KB
- MD5
  
  b84cb1bf75e472973bed157bab410f04
- SHA1
  
  fe4d97e9fd68677ae1e1b459885b3979eabba445
- SHA256
  
  69377f70dc61fe37d51443a5ce8a312aa7b682c61574b8ff02fef4e9d798133a
- SHA512
  
  266128f62ef53d596196bed76ef94c9aef135f248a2c0a9b44a909bdff4613a048875d9a8debf7082e50eea29acb32891fd7edc535d085558a9250a5f402c9a8
Score

10^/10

buer loader persistence
- Buer
  Buer is a new modular loader first seen in August 2019.
  loader buer
- Modifies WinLogon for persistence
  persistence
- Buer Loader
  Detects Buer loader in memory or disk.
  loader
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

buerloaderpersistence

behavioral2

buerloaderpersistence

© 2018-2024

Terms | Privacy