General

  • Target

    8348ec102670bb9c2445dc6fc179dcfdf650ec398ef71cb39056566236a2a5de

  • Size

    1.6MB

  • Sample

    220724-szalfshcbj

  • MD5

    6a8d2eda7035eeb6082ae635ce2429e5

  • SHA1

    d790b191fb6478f458af6a4ac5bfa5d3bcc3001d

  • SHA256

    8348ec102670bb9c2445dc6fc179dcfdf650ec398ef71cb39056566236a2a5de

  • SHA512

    986a4e181bd1749415ce63a10671db49a7b758f1ed5f604a54bcdc75eab69f3336adff189a65ddf6bb7502b37c898143797ca050b6c5c742bb6ae70bb8c6734a

Score
10/10

Malware Config

Extracted

Family

buer

C2

https://loddd01.info/

https://loddd02.info/

Targets

    • Target

      8348ec102670bb9c2445dc6fc179dcfdf650ec398ef71cb39056566236a2a5de

    • Size

      1.6MB

    • MD5

      6a8d2eda7035eeb6082ae635ce2429e5

    • SHA1

      d790b191fb6478f458af6a4ac5bfa5d3bcc3001d

    • SHA256

      8348ec102670bb9c2445dc6fc179dcfdf650ec398ef71cb39056566236a2a5de

    • SHA512

      986a4e181bd1749415ce63a10671db49a7b758f1ed5f604a54bcdc75eab69f3336adff189a65ddf6bb7502b37c898143797ca050b6c5c742bb6ae70bb8c6734a

    Score
    10/10

    • Buer

      Buer is a new modular loader first seen in August 2019.

    • Buer Loader

      Detects Buer loader in memory or disk.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Executes dropped EXE

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v6

Tasks