buer | 3524a53569a7016bbb9f2b4793d0da464e88410fffd65b9f137be015e0a06874 | Triage

Submit
Reports

Overview

overview

Static

static

3524a53569...74.exe

windows7_x64

3524a53569...74.exe

windows10-2004_x64

Sharing

General

Target

3524a53569a7016bbb9f2b4793d0da464e88410fffd65b9f137be015e0a06874
Size

183KB
Sample

220619-xc3qyaggep
MD5

7b5b7a530af5c23b4828f9f0eb81f3a3
SHA1

04e848ea25b3a4fe7329d6f545216f6abc4a8f51
SHA256

3524a53569a7016bbb9f2b4793d0da464e88410fffd65b9f137be015e0a06874
SHA512

fc1c11a556dcc8ee37fb71a9ab6b4ab6565f58c9c9a9d791ab2658c03bc3ceba0c1d2ca328880ceabbfa43caa2db693cbee43653bc2d87050f119399cf0cdbb6

Score

10^/10

buer loader persistence

Static task

static1

Behavioral task

behavioral1

Sample

3524a53569a7016bbb9f2b4793d0da464e88410fffd65b9f137be015e0a06874.exe

Resource

win7-20220414-en

buer loader persistence

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

3524a53569a7016bbb9f2b4793d0da464e88410fffd65b9f137be015e0a06874.exe

Resource

win10v2004-20220414-en

buer loader persistence

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

buer

C2

https://gstatiknetiplist.cc/

https://gstatiknetiplist.com/

Targets

- Target
  
  3524a53569a7016bbb9f2b4793d0da464e88410fffd65b9f137be015e0a06874
- Size
  
  183KB
- MD5
  
  7b5b7a530af5c23b4828f9f0eb81f3a3
- SHA1
  
  04e848ea25b3a4fe7329d6f545216f6abc4a8f51
- SHA256
  
  3524a53569a7016bbb9f2b4793d0da464e88410fffd65b9f137be015e0a06874
- SHA512
  
  fc1c11a556dcc8ee37fb71a9ab6b4ab6565f58c9c9a9d791ab2658c03bc3ceba0c1d2ca328880ceabbfa43caa2db693cbee43653bc2d87050f119399cf0cdbb6
Score

10^/10

buer loader persistence
- Buer
  Buer is a new modular loader first seen in August 2019.
  loader buer
- Modifies WinLogon for persistence
  persistence
- Buer Loader
  Detects Buer loader in memory or disk.
  loader
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

buerloaderpersistence

behavioral2

buerloaderpersistence

© 2018-2024

Terms | Privacy