buer | 3c2382bdd0ace893cf833df5096a739330cd4f6cd1cc8e410634bdd166b5c776 | Triage

Submit
Reports

Overview

overview

Static

static

3c2382bdd0...76.exe

windows7_x64

3c2382bdd0...76.exe

windows10-2004_x64

Sharing

General

Target

3c2382bdd0ace893cf833df5096a739330cd4f6cd1cc8e410634bdd166b5c776
Size

205KB
Sample

220520-wzgljsegep
MD5

26244e477fce74ab4e36e26e600a96b0
SHA1

f2d51d793857e6d9829f24f711b37664cd737fa5
SHA256

3c2382bdd0ace893cf833df5096a739330cd4f6cd1cc8e410634bdd166b5c776
SHA512

f6e0525a3295613137d9a102d9fcf6cf052df90e9676b3c9d260bc5353656ce31fb515bfd6a133ee9858b865a34207388f156510b41920c8e0913fc411b47d5d

Score

10^/10

buer loader persistence

Static task

static1

Behavioral task

behavioral1

Sample

3c2382bdd0ace893cf833df5096a739330cd4f6cd1cc8e410634bdd166b5c776.exe

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

3c2382bdd0ace893cf833df5096a739330cd4f6cd1cc8e410634bdd166b5c776.exe

Resource

win10v2004-20220414-en

buer loader persistence

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

buer

C2

https://rawcookies.ru/

https://westkingz.ru/

Targets

- Target
  
  3c2382bdd0ace893cf833df5096a739330cd4f6cd1cc8e410634bdd166b5c776
- Size
  
  205KB
- MD5
  
  26244e477fce74ab4e36e26e600a96b0
- SHA1
  
  f2d51d793857e6d9829f24f711b37664cd737fa5
- SHA256
  
  3c2382bdd0ace893cf833df5096a739330cd4f6cd1cc8e410634bdd166b5c776
- SHA512
  
  f6e0525a3295613137d9a102d9fcf6cf052df90e9676b3c9d260bc5353656ce31fb515bfd6a133ee9858b865a34207388f156510b41920c8e0913fc411b47d5d
Score

10^/10

buer loader persistence
- Buer
  Buer is a new modular loader first seen in August 2019.
  loader buer
- Modifies WinLogon for persistence
  persistence
- Buer Loader
  Detects Buer loader in memory or disk.
  loader
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

buerloaderpersistence

© 2018-2024

Terms | Privacy