buer | e16557266a535dc246ed5de486bf28bc090b4867cf5bb13d97df68a4f1a8884b | Triage

Submit
Reports

Overview

overview

Static

static

e16557266a...4b.exe

windows7_x64

e16557266a...4b.exe

windows10-2004_x64

Sharing

General

Target

e16557266a535dc246ed5de486bf28bc090b4867cf5bb13d97df68a4f1a8884b
Size

267KB
Sample

220625-nd3mwscca9
MD5

77bb261d5742e63341907e79a570eb2b
SHA1

eba5ee5b28cbe3c65b15430f81e7f105fdbb6468
SHA256

e16557266a535dc246ed5de486bf28bc090b4867cf5bb13d97df68a4f1a8884b
SHA512

b1f6825265a82f7ab8f839d325deaa24cb80144578b69d8f1437aec2d010e5159de4b643cae4d58a6e644910c11b1d23390f4192c60ce83fdfb9281c371217ef

Score

10^/10

buer loader persistence

Static task

static1

Behavioral task

behavioral1

Sample

e16557266a535dc246ed5de486bf28bc090b4867cf5bb13d97df68a4f1a8884b.exe

Resource

win7-20220414-en

buer loader persistence

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

e16557266a535dc246ed5de486bf28bc090b4867cf5bb13d97df68a4f1a8884b.exe

Resource

win10v2004-20220414-en

buer loader persistence

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

buer

C2

https://gstatiknetiplist.cc/

https://gstatiknetiplist.com/

Targets

- Target
  
  e16557266a535dc246ed5de486bf28bc090b4867cf5bb13d97df68a4f1a8884b
- Size
  
  267KB
- MD5
  
  77bb261d5742e63341907e79a570eb2b
- SHA1
  
  eba5ee5b28cbe3c65b15430f81e7f105fdbb6468
- SHA256
  
  e16557266a535dc246ed5de486bf28bc090b4867cf5bb13d97df68a4f1a8884b
- SHA512
  
  b1f6825265a82f7ab8f839d325deaa24cb80144578b69d8f1437aec2d010e5159de4b643cae4d58a6e644910c11b1d23390f4192c60ce83fdfb9281c371217ef
Score

10^/10

buer loader persistence
- Buer
  Buer is a new modular loader first seen in August 2019.
  loader buer
- Modifies WinLogon for persistence
  persistence
- Buer Loader
  Detects Buer loader in memory or disk.
  loader
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

buerloaderpersistence

behavioral2

buerloaderpersistence

© 2018-2024

Terms | Privacy