buer | 1c6852799eabf0c9e744016a3113af6d1185c3de41acdbf90c95297d252d01f9 | Triage

Submit
Reports

Overview

overview

Static

static

1c6852799e...f9.exe

windows7_x64

1c6852799e...f9.exe

windows10-2004_x64

Sharing

General

Target

1c6852799eabf0c9e744016a3113af6d1185c3de41acdbf90c95297d252d01f9
Size

144KB
Sample

220525-b812bsaghm
MD5

37d8bced898bf955130f39645eba3f0a
SHA1

c411ffa43ad7cf7bf321017e9a2d7d9bae1f0cf5
SHA256

1c6852799eabf0c9e744016a3113af6d1185c3de41acdbf90c95297d252d01f9
SHA512

1ae8c515a0a820552c8861fdde197dee0ea0f7fabae74ee4fac9c345f0e1dadf5448b0787cbedfa9e960980419dd3f59fbb8cae8da84df74283348ac80554eaa

Score

10^/10

buer loader persistence

Static task

static1

Behavioral task

behavioral1

Sample

1c6852799eabf0c9e744016a3113af6d1185c3de41acdbf90c95297d252d01f9.exe

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

1c6852799eabf0c9e744016a3113af6d1185c3de41acdbf90c95297d252d01f9.exe

Resource

win10v2004-20220414-en

buer loader persistence

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

buer

C2

https://rawcookies.ru/

https://westkingz.ru/

Targets

- Target
  
  1c6852799eabf0c9e744016a3113af6d1185c3de41acdbf90c95297d252d01f9
- Size
  
  144KB
- MD5
  
  37d8bced898bf955130f39645eba3f0a
- SHA1
  
  c411ffa43ad7cf7bf321017e9a2d7d9bae1f0cf5
- SHA256
  
  1c6852799eabf0c9e744016a3113af6d1185c3de41acdbf90c95297d252d01f9
- SHA512
  
  1ae8c515a0a820552c8861fdde197dee0ea0f7fabae74ee4fac9c345f0e1dadf5448b0787cbedfa9e960980419dd3f59fbb8cae8da84df74283348ac80554eaa
Score

10^/10

buer loader persistence
- Buer
  Buer is a new modular loader first seen in August 2019.
  loader buer
- Modifies WinLogon for persistence
  persistence
- Buer Loader
  Detects Buer loader in memory or disk.
  loader
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

buerloaderpersistence

© 2018-2024

Terms | Privacy