buer | 3c2382bdd0ace893cf833df5096a739330cd4f6cd1cc8e410634bdd166b5c776 | Triage

Analysis

max time kernel
40s
max time network
44s
platform
windows7_x64
resource
win7-20220414-en
submitted
20-05-2022 18:21

Sharing

Report Analysis Logs

General

Target

3c2382bdd0ace893cf833df5096a739330cd4f6cd1cc8e410634bdd166b5c776.exe
Size

205KB
MD5

26244e477fce74ab4e36e26e600a96b0
SHA1

f2d51d793857e6d9829f24f711b37664cd737fa5
SHA256

3c2382bdd0ace893cf833df5096a739330cd4f6cd1cc8e410634bdd166b5c776
SHA512

f6e0525a3295613137d9a102d9fcf6cf052df90e9676b3c9d260bc5353656ce31fb515bfd6a133ee9858b865a34207388f156510b41920c8e0913fc411b47d5d

Score

10^/10

buer loader

Malware Config

Extracted

Family

buer

C2

https://rawcookies.ru/

https://westkingz.ru/

Signatures

Buer
Buer is a new modular loader first seen in August 2019.
loader buer

Buer Loader 2 IoCs

Detects Buer loader in memory or disk.

resource	yara_rule
behavioral1/memory/1304-56-0x0000000000220000-0x000000000022B000-memory.dmp	buer
behavioral1/memory/1304-57-0x0000000040000000-0x0000000040879000-memory.dmp	buer

C:\Users\Admin\AppData\Local\Temp\3c2382bdd0ace893cf833df5096a739330cd4f6cd1cc8e410634bdd166b5c776.exe
"C:\Users\Admin\AppData\Local\Temp\3c2382bdd0ace893cf833df5096a739330cd4f6cd1cc8e410634bdd166b5c776.exe"
1⤵
PID:1304

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1304-54-0x0000000076451000-0x0000000076453000-memory.dmp

Filesize
8KB

Download
memory/1304-56-0x0000000000220000-0x000000000022B000-memory.dmp

Filesize
44KB

Download
memory/1304-55-0x00000000004CD000-0x00000000004D5000-memory.dmp

Filesize
32KB

Download
memory/1304-57-0x0000000040000000-0x0000000040879000-memory.dmp

Filesize
8.5MB

Download