buer | e59e7db0c75cef4bb6e057d725bae7ed5e13fd011b54fe39c3fe7cdb123b684f

Submit
Reports

Overview

overview

Static

static

0374bb627e...71.dll

windows7_x64

0374bb627e...71.dll

windows10-2004_x64

0ba117fd39...35.exe

windows7_x64

0ba117fd39...35.exe

windows10-2004_x64

196c17a866...fe.exe

windows7_x64

196c17a866...fe.exe

windows10-2004_x64

1e0215f67f...53.exe

windows7_x64

1e0215f67f...53.exe

windows10-2004_x64

25d04d6314...de.exe

windows7_x64

25d04d6314...de.exe

windows10-2004_x64

428ff553b6...50.exe

windows7_x64

428ff553b6...50.exe

windows10-2004_x64

455d08a5e2...ce.exe

windows7_x64

455d08a5e2...ce.exe

windows10-2004_x64

4dbd0cd1e0...59.dll

windows7_x64

4dbd0cd1e0...59.dll

windows10-2004_x64

4febaf5c3e...92.exe

windows7_x64

4febaf5c3e...92.exe

windows10-2004_x64

5282f373b4...ff.exe

windows7_x64

5282f373b4...ff.exe

windows10-2004_x64

6c2e494f16...47.exe

windows7_x64

6c2e494f16...47.exe

windows10-2004_x64

6c95be6a53...65.exe

windows7_x64

6c95be6a53...65.exe

windows10-2004_x64

75a5b0e0e9...1a.exe

windows7_x64

75a5b0e0e9...1a.exe

windows10-2004_x64

7dd89cf8a1...d2.exe

windows7_x64

7dd89cf8a1...d2.exe

windows10-2004_x64

81fa8a3bdc...77.exe

windows7_x64

81fa8a3bdc...77.exe

windows10-2004_x64

9268e1f0af...b0.dll

windows7_x64

9268e1f0af...b0.dll

windows10-2004_x64

Analysis

max time kernel
51s
max time network
47s
platform
windows7_x64
resource
win7-20220414-en
submitted
20-06-2022 13:51

Sharing

Copy URL

Twitter E-mail

Static task

static1

Behavioral task

behavioral1

Sample

0374bb627e51aa5fa5df0640a5468939cf190a1a1bc0c8a0f3df4bc9b3e92171.dll

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

0374bb627e51aa5fa5df0640a5468939cf190a1a1bc0c8a0f3df4bc9b3e92171.dll

Resource

win10v2004-20220414-en

trickbot banker packer trojan

windows10-2004_x64

0 signatures

0 seconds

Behavioral task

behavioral3

Sample

0ba117fd394120dbe7fef45f244ab20d476e595fd900ce56c4fced0941e8a635.exe

Resource

win7-20220414-en

emotet epoch1 banker suricata trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral4

Sample

0ba117fd394120dbe7fef45f244ab20d476e595fd900ce56c4fced0941e8a635.exe

Resource

win10v2004-20220414-en

emotet epoch1 banker suricata trojan

windows10-2004_x64

0 signatures

0 seconds

Behavioral task

behavioral5

Sample

196c17a866c395520e3440779c11fa79063127efb81cfb5d44f9c664f6a790fe.exe

Resource

win7-20220414-en

emotet epoch2 banker suricata trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral6

Sample

196c17a866c395520e3440779c11fa79063127efb81cfb5d44f9c664f6a790fe.exe

Resource

win10v2004-20220414-en

emotet epoch2 banker suricata trojan

windows10-2004_x64

0 signatures

0 seconds

Behavioral task

behavioral7

Sample

1e0215f67fb7b02bc44f33bf6a5b884c3061cbeb38e0150b559635458951fa53.exe

Resource

win7-20220414-en

trickbot xml1 banker trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral8

Sample

1e0215f67fb7b02bc44f33bf6a5b884c3061cbeb38e0150b559635458951fa53.exe

Resource

win10v2004-20220414-en

trickbot xml1 banker trojan

windows10-2004_x64

0 signatures

0 seconds

Behavioral task

behavioral9

Sample

25d04d6314390db9f02656b70f9d0da208b7d3e4dd47ece7cb907854a2c07dde.exe

Resource

win7-20220414-en

emotet epoch2 banker trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral10

Sample

25d04d6314390db9f02656b70f9d0da208b7d3e4dd47ece7cb907854a2c07dde.exe

Resource

win10v2004-20220414-en

emotet epoch2 banker trojan

windows10-2004_x64

0 signatures

0 seconds

Behavioral task

behavioral11

Sample

428ff553b67cd782e6d0227ae09c83ba8074fa11cf4bfd91703b2043aa5f6c50.exe

Resource

win7-20220414-en

emotet epoch2 banker trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral12

Sample

428ff553b67cd782e6d0227ae09c83ba8074fa11cf4bfd91703b2043aa5f6c50.exe

Resource

win10v2004-20220414-en

emotet epoch2 banker trojan

windows10-2004_x64

0 signatures

0 seconds

Behavioral task

behavioral13

Sample

455d08a5e2a10427eb1aec8f9ee931a5ae10b41acb9cf0e9090f87722a96b9ce.exe

Resource

win7-20220414-en

emotet epoch2 banker trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral14

Sample

455d08a5e2a10427eb1aec8f9ee931a5ae10b41acb9cf0e9090f87722a96b9ce.exe

Resource

win10v2004-20220414-en

emotet epoch2 banker trojan

windows10-2004_x64

0 signatures

0 seconds

Behavioral task

behavioral15

Sample

4dbd0cd1e0f85d16cb65f376880ca9ba247bd1f81542f135610f951349909959.dll

Resource

win7-20220414-en

trickbot sat2 banker suricata trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral16

Sample

4dbd0cd1e0f85d16cb65f376880ca9ba247bd1f81542f135610f951349909959.dll

Resource

win10v2004-20220414-en

trickbot sat2 banker suricata trojan

windows10-2004_x64

0 signatures

0 seconds

Behavioral task

behavioral17

Sample

4febaf5c3eb1938f657200df1141457d1bb34b9b67222f2e889c9785dd99e492.exe

Resource

win7-20220414-en

emotet epoch1 banker trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral18

Sample

4febaf5c3eb1938f657200df1141457d1bb34b9b67222f2e889c9785dd99e492.exe

Resource

win10v2004-20220414-en

emotet epoch1 banker trojan

windows10-2004_x64

0 signatures

0 seconds

Behavioral task

behavioral19

Sample

5282f373b4dbab1b939b625d05d45442e8c008eeb6fa5d3c1f587cf80afa21ff.exe

Resource

win7-20220414-en

evasion persistence ransomware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral20

Sample

5282f373b4dbab1b939b625d05d45442e8c008eeb6fa5d3c1f587cf80afa21ff.exe

Resource

win10v2004-20220414-en

evasion persistence ransomware

windows10-2004_x64

0 signatures

0 seconds

Behavioral task

behavioral21

Sample

6c2e494f16262d6e4b2eaa552971b562a2bb87ac71a73a8be8638aefb47f1a47.exe

Resource

win7-20220414-en

emotet epoch2 banker trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral22

Sample

6c2e494f16262d6e4b2eaa552971b562a2bb87ac71a73a8be8638aefb47f1a47.exe

Resource

win10v2004-20220414-en

emotet epoch2 banker trojan

windows10-2004_x64

0 signatures

0 seconds

Behavioral task

behavioral23

Sample

6c95be6a536264db1dcb3c13b03b6f67d04b75a49cb9411fa294352590df2e65.exe

Resource

win7-20220414-en

trickbot lib101 banker suricata trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral24

Sample

6c95be6a536264db1dcb3c13b03b6f67d04b75a49cb9411fa294352590df2e65.exe

Resource

win10v2004-20220414-en

trickbot lib101 banker suricata trojan

windows10-2004_x64

0 signatures

0 seconds

Behavioral task

behavioral25

Sample

75a5b0e0e96691e1aacf99aba23f9b2a53ef8c349a8822494b7b82c400b5a61a.exe

Resource

win7-20220414-en

trickbot rob110 banker trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral26

Sample

75a5b0e0e96691e1aacf99aba23f9b2a53ef8c349a8822494b7b82c400b5a61a.exe

Resource

win10v2004-20220414-en

trickbot rob110 banker suricata trojan

windows10-2004_x64

0 signatures

0 seconds

Behavioral task

behavioral27

Sample

7dd89cf8a1fd81909f2dd9b75cffa1f7ed98ae94c381a6c92ffd0a0dee7707d2.exe

Resource

win7-20220414-en

buer loader

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral28

Sample

7dd89cf8a1fd81909f2dd9b75cffa1f7ed98ae94c381a6c92ffd0a0dee7707d2.exe

Resource

win10v2004-20220414-en

buer loader persistence

windows10-2004_x64

0 signatures

0 seconds

Behavioral task

behavioral29

Sample

81fa8a3bdc452dd2b279b61fed92fe83d65e650e06bca9ee4dfcf991a4a59e77.exe

Resource

win7-20220414-en

trickbot yas45 banker dave trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral30

Sample

81fa8a3bdc452dd2b279b61fed92fe83d65e650e06bca9ee4dfcf991a4a59e77.exe

Resource

win10v2004-20220414-en

trickbot yas45 banker dave trojan

windows10-2004_x64

0 signatures

0 seconds

Behavioral task

behavioral31

Sample

9268e1f0af209ecb3d16ddbb4b5f294194c62b54812b02aba7efc7b1306c0fb0.dll

Resource

win7-20220414-en

trickbot rob109 banker suricata trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral32

Sample

9268e1f0af209ecb3d16ddbb4b5f294194c62b54812b02aba7efc7b1306c0fb0.dll

Resource

win10v2004-20220414-en

trickbot rob109 banker suricata trojan

windows10-2004_x64

0 signatures

0 seconds

Report Analysis Logs

General

Target

7dd89cf8a1fd81909f2dd9b75cffa1f7ed98ae94c381a6c92ffd0a0dee7707d2.exe
Size

196KB
MD5

dd69fb6eb36fd0b9d0e14e099104726a
SHA1

6fb3cad9868b22a0563664d3c5cbefe7e57d09b2
SHA256

7dd89cf8a1fd81909f2dd9b75cffa1f7ed98ae94c381a6c92ffd0a0dee7707d2
SHA512

6743cac45032112bccf24bd0765f15727c7dd12a46e8162adc39c99631998f3b8b8544916ab398bbeaaa3704b65e8dd57b4f6dd8acaf1c933a2406e9525eacea

Score

10^/10

buer loader

Malware Config

Extracted

Family

buer

https://165.232.118.210/

Signatures

Buer
Buer is a new modular loader first seen in August 2019.
loader buer

Buer Loader 3 IoCs

Detects Buer loader in memory or disk.

loader

Processes:

resource	yara_rule
behavioral27/memory/888-55-0x00000000003C0000-0x00000000003CF000-memory.dmp	buer
behavioral27/memory/888-59-0x0000000040000000-0x000000004000C000-memory.dmp	buer
behavioral27/memory/888-62-0x00000000003B0000-0x00000000003BD000-memory.dmp	buer

Processes

C:\Users\Admin\AppData\Local\Temp\7dd89cf8a1fd81909f2dd9b75cffa1f7ed98ae94c381a6c92ffd0a0dee7707d2.exe
"C:\Users\Admin\AppData\Local\Temp\7dd89cf8a1fd81909f2dd9b75cffa1f7ed98ae94c381a6c92ffd0a0dee7707d2.exe"
1⤵
PID:888

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/888-54-0x00000000755C1000-0x00000000755C3000-memory.dmp

Filesize
8KB

Download
memory/888-55-0x00000000003C0000-0x00000000003CF000-memory.dmp

Filesize
60KB

Download
memory/888-59-0x0000000040000000-0x000000004000C000-memory.dmp

Filesize
48KB

Download
memory/888-62-0x00000000003B0000-0x00000000003BD000-memory.dmp

Filesize
52KB

Download