buer | 44dc7a78801f705233f20d4b37c0e8f72805a86418ba3fe786ec0b14a481cf07 | Triage

Analysis

max time kernel
26s
max time network
47s
platform
windows7_x64
resource
win7-20220414-en
submitted
07-07-2022 17:57

Sharing

Report Analysis Logs

General

Target

44dc7a78801f705233f20d4b37c0e8f72805a86418ba3fe786ec0b14a481cf07.exe
Size

276KB
MD5

f112db5fe30ce25faac045d2eb5b9e14
SHA1

346fa76565cb15beef5306466ad99be143f5a76f
SHA256

44dc7a78801f705233f20d4b37c0e8f72805a86418ba3fe786ec0b14a481cf07
SHA512

81e8b5f313b5ca4e4696ccb33a3381c24e57f2ce6700767c7e81db5579239d096ba24082cd429610eb6c91ad5cc3c4d9a786b6cd2178f0f8c25b1179efe9412f

Score

10^/10

buer loader

Malware Config

Extracted

Family

buer

C2

http://koralak.hk/

Signatures

Buer
Buer is a new modular loader first seen in August 2019.
loader buer

Buer Loader 3 IoCs

Detects Buer loader in memory or disk.

resource	yara_rule
behavioral1/memory/1492-55-0x0000000000230000-0x0000000000239000-memory.dmp	buer
behavioral1/memory/1492-56-0x0000000040000000-0x00000000432F3000-memory.dmp	buer
behavioral1/memory/1492-57-0x0000000040000000-0x00000000432F3000-memory.dmp	buer

C:\Users\Admin\AppData\Local\Temp\44dc7a78801f705233f20d4b37c0e8f72805a86418ba3fe786ec0b14a481cf07.exe
"C:\Users\Admin\AppData\Local\Temp\44dc7a78801f705233f20d4b37c0e8f72805a86418ba3fe786ec0b14a481cf07.exe"
1⤵
PID:1492

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1492-54-0x00000000004EB000-0x00000000004F2000-memory.dmp

Filesize
28KB

Download
memory/1492-55-0x0000000000230000-0x0000000000239000-memory.dmp

Filesize
36KB

Download
memory/1492-56-0x0000000040000000-0x00000000432F3000-memory.dmp

Filesize
50.9MB

Download
memory/1492-57-0x0000000040000000-0x00000000432F3000-memory.dmp

Filesize
50.9MB

Download