Extracted

• • Target

    2f2c65f9e33f564986f7459b52f61c4855cb9c7768acafa7f7da34b481ddab92

  • Size

    302KB

  • MD5

    1a2546b8cc363618f85ad41532b2506a

  • SHA1

    898b6adc52af010648afa56073f77dd7961837f9

  • SHA256

    2f2c65f9e33f564986f7459b52f61c4855cb9c7768acafa7f7da34b481ddab92

  • SHA512

    45a16da45a553bd98c5f2f152c3dcaea1ce8492e8a1feb44ac572209f923b7c481a876b9d7880b0ff25d7c10c93c3cd56c59668b3459ea240ad673279c787bcb

  Score

  10^/10

  buerloaderpersistence

  • Buer

    Buer is a new modular loader first seen in August 2019.

    loaderbuer

  • Modifies WinLogon for persistence

    persistence

  • Buer Loader

    Detects Buer loader in memory or disk.

    loader

  • Executes dropped EXE

  • Deletes itself

  • Loads dropped DLL

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  behavioral1behavioral2