buer | ea30609c8243364f55484fefa8dc8695471387cc8c31d97220c09647367de2b7 | Triage

Analysis

max time kernel
42s
max time network
47s
platform
windows7_x64
resource
win7-20220715-en
resource tags

arch:x64arch:x86image:win7-20220715-enlocale:en-usos:windows7-x64system
submitted
31-07-2022 05:38

Sharing

Report Analysis Logs

General

Target

ea30609c8243364f55484fefa8dc8695471387cc8c31d97220c09647367de2b7.exe
Size

205KB
MD5

c6626050ea71bfd86c2d2fc3c1563eb3
SHA1

9d91e04408f2c9a17aa8ede8f39f90a41641c0f0
SHA256

ea30609c8243364f55484fefa8dc8695471387cc8c31d97220c09647367de2b7
SHA512

34b67932645a8b2f4bc860224143cf08728aa9e8fda07cb80eeb5e504bfa8c9f5cba5f254f242480b1ee2147d1c058e983a353422490aabff9336320316096d6

Score

10^/10

buer loader

Malware Config

Extracted

Family

buer

C2

http://koralak.hk/

Signatures

Buer
Buer is a new modular loader first seen in August 2019.
loader buer

Buer Loader 3 IoCs

Detects Buer loader in memory or disk.

resource	yara_rule
behavioral1/memory/2000-55-0x0000000000220000-0x0000000000229000-memory.dmp	buer
behavioral1/memory/2000-56-0x0000000040000000-0x00000000403AA000-memory.dmp	buer
behavioral1/memory/2000-57-0x0000000040000000-0x00000000403AA000-memory.dmp	buer

C:\Users\Admin\AppData\Local\Temp\ea30609c8243364f55484fefa8dc8695471387cc8c31d97220c09647367de2b7.exe
"C:\Users\Admin\AppData\Local\Temp\ea30609c8243364f55484fefa8dc8695471387cc8c31d97220c09647367de2b7.exe"
1⤵
PID:2000

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2000-54-0x000000000054B000-0x0000000000552000-memory.dmp

Filesize
28KB

Download
memory/2000-55-0x0000000000220000-0x0000000000229000-memory.dmp

Filesize
36KB

Download
memory/2000-56-0x0000000040000000-0x00000000403AA000-memory.dmp

Filesize
3.7MB

Download
memory/2000-57-0x0000000040000000-0x00000000403AA000-memory.dmp

Filesize
3.7MB

Download