buer | 3f5c2ca8320cbb82fc77e86eb0dc4bc208fddd20198cb5d65386f58ba7471421 | Triage

Sharing

General

Target

3f5c2ca8320cbb82fc77e86eb0dc4bc208fddd20198cb5d65386f58ba7471421
Size

236KB
Sample

220625-nalvzacad9
MD5

1c6713d0282f6723bc963c879fc8f7d2
SHA1

6c94575ba1d923b51cdba40ecc0553a33e766e23
SHA256

3f5c2ca8320cbb82fc77e86eb0dc4bc208fddd20198cb5d65386f58ba7471421
SHA512

24eefef37ebf1ea346a5b6a8420aa177a51667a304f1962fe3bdd0b8ee25664b6f2b7b0df15f6f29ea7b7c27f636b1f5cb9b4c31cfc0d14d43cfa48b4c6a8e61

Score

10^/10

buer loader persistence

Malware Config

Extracted

Family

buer

C2

https://gstatiknetiplist.cc/

https://gstatiknetiplist.com/

Targets

- Target
  
  3f5c2ca8320cbb82fc77e86eb0dc4bc208fddd20198cb5d65386f58ba7471421
- Size
  
  236KB
- MD5
  
  1c6713d0282f6723bc963c879fc8f7d2
- SHA1
  
  6c94575ba1d923b51cdba40ecc0553a33e766e23
- SHA256
  
  3f5c2ca8320cbb82fc77e86eb0dc4bc208fddd20198cb5d65386f58ba7471421
- SHA512
  
  24eefef37ebf1ea346a5b6a8420aa177a51667a304f1962fe3bdd0b8ee25664b6f2b7b0df15f6f29ea7b7c27f636b1f5cb9b4c31cfc0d14d43cfa48b4c6a8e61
Score

10^/10

buer loader persistence
- Buer
  Buer is a new modular loader first seen in August 2019.
  loader buer
- Modifies WinLogon for persistence
  persistence
- Buer Loader
  Detects Buer loader in memory or disk.
  loader
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

buerloaderpersistence

behavioral2