buer | 35ed64be314538c7a7a019331fe2c4faff7fd55c93f9a9bc5911cd705a60e90a | Triage

Submit
Reports

Overview

overview

Static

static

35ed64be31...0a.exe

windows7_x64

35ed64be31...0a.exe

windows10-2004_x64

Sharing

General

Target

35ed64be314538c7a7a019331fe2c4faff7fd55c93f9a9bc5911cd705a60e90a
Size

168KB
Sample

220524-dqfnsahadq
MD5

a69ec18cd982181a5fbd2789663a88bf
SHA1

7d44fdc6938916a54103169d1de0032ddeab0e35
SHA256

35ed64be314538c7a7a019331fe2c4faff7fd55c93f9a9bc5911cd705a60e90a
SHA512

f61baf6748f3c7a5da5e46693274e8d748699199c187a3dbb550747832fcade594f618ffbc5cbba5aa3848ec716ec8f2fb8267c8d2b15e9f63687ad1211f6900

Score

10^/10

buer loader persistence

Static task

static1

Behavioral task

behavioral1

Sample

35ed64be314538c7a7a019331fe2c4faff7fd55c93f9a9bc5911cd705a60e90a.exe

Resource

win7-20220414-en

buer loader persistence

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

35ed64be314538c7a7a019331fe2c4faff7fd55c93f9a9bc5911cd705a60e90a.exe

Resource

win10v2004-20220414-en

buer loader persistence

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

buer

C2

https://gstatiknetiplist.cc/

https://gstatiknetiplist.com/

Targets

- Target
  
  35ed64be314538c7a7a019331fe2c4faff7fd55c93f9a9bc5911cd705a60e90a
- Size
  
  168KB
- MD5
  
  a69ec18cd982181a5fbd2789663a88bf
- SHA1
  
  7d44fdc6938916a54103169d1de0032ddeab0e35
- SHA256
  
  35ed64be314538c7a7a019331fe2c4faff7fd55c93f9a9bc5911cd705a60e90a
- SHA512
  
  f61baf6748f3c7a5da5e46693274e8d748699199c187a3dbb550747832fcade594f618ffbc5cbba5aa3848ec716ec8f2fb8267c8d2b15e9f63687ad1211f6900
Score

10^/10

buer loader persistence
- Buer
  Buer is a new modular loader first seen in August 2019.
  loader buer
- Modifies WinLogon for persistence
  persistence
- Buer Loader
  Detects Buer loader in memory or disk.
  loader
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

buerloaderpersistence

behavioral2

buerloaderpersistence

© 2018-2024

Terms | Privacy