buer | cfb4266735f9806e94537f71a1e289ce6db041484159c07be6a8d5b3ce12abf9 | Triage

Submit
Reports

Overview

overview

Static

static

cfb4266735...f9.exe

windows7_x64

cfb4266735...f9.exe

windows10-2004_x64

Sharing

General

Target

cfb4266735f9806e94537f71a1e289ce6db041484159c07be6a8d5b3ce12abf9
Size

212KB
Sample

220625-m95lpacac6
MD5

a4d06844d2cb6555d28d7160044df583
SHA1

bb25fc9c6bd3b6260d05b03fffbec75e679a81a9
SHA256

cfb4266735f9806e94537f71a1e289ce6db041484159c07be6a8d5b3ce12abf9
SHA512

bf3dd5469cfe2093505373a3ce7d322b6057fa367462b55be43b173febf1021d66b430f98ad78a497d2db93244b8a4f739136e5e680c9d2706383151c899cfc1

Score

10^/10

buer loader persistence

Static task

static1

Behavioral task

behavioral1

Sample

cfb4266735f9806e94537f71a1e289ce6db041484159c07be6a8d5b3ce12abf9.exe

Resource

win7-20220414-en

buer loader persistence

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

cfb4266735f9806e94537f71a1e289ce6db041484159c07be6a8d5b3ce12abf9.exe

Resource

win10v2004-20220414-en

buer loader persistence

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

buer

C2

https://95.217.81.68/

http://95.217.81.68:8080/

Targets

- Target
  
  cfb4266735f9806e94537f71a1e289ce6db041484159c07be6a8d5b3ce12abf9
- Size
  
  212KB
- MD5
  
  a4d06844d2cb6555d28d7160044df583
- SHA1
  
  bb25fc9c6bd3b6260d05b03fffbec75e679a81a9
- SHA256
  
  cfb4266735f9806e94537f71a1e289ce6db041484159c07be6a8d5b3ce12abf9
- SHA512
  
  bf3dd5469cfe2093505373a3ce7d322b6057fa367462b55be43b173febf1021d66b430f98ad78a497d2db93244b8a4f739136e5e680c9d2706383151c899cfc1
Score

10^/10

buer loader persistence
- Buer
  Buer is a new modular loader first seen in August 2019.
  loader buer
- Modifies WinLogon for persistence
  persistence
- Buer Loader
  Detects Buer loader in memory or disk.
  loader
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

buerloaderpersistence

behavioral2

buerloaderpersistence

© 2018-2024

Terms | Privacy