buer | ea30609c8243364f55484fefa8dc8695471387cc8c31d97220c09647367de2b7 | Triage

Analysis

max time kernel
117s
max time network
132s
platform
windows10-2004_x64
resource
win10v2004-20220721-en
resource tags

arch:x64arch:x86image:win10v2004-20220721-enlocale:en-usos:windows10-2004-x64system
submitted
31-07-2022 05:38

Sharing

Report Analysis Logs

General

Target

ea30609c8243364f55484fefa8dc8695471387cc8c31d97220c09647367de2b7.exe
Size

205KB
MD5

c6626050ea71bfd86c2d2fc3c1563eb3
SHA1

9d91e04408f2c9a17aa8ede8f39f90a41641c0f0
SHA256

ea30609c8243364f55484fefa8dc8695471387cc8c31d97220c09647367de2b7
SHA512

34b67932645a8b2f4bc860224143cf08728aa9e8fda07cb80eeb5e504bfa8c9f5cba5f254f242480b1ee2147d1c058e983a353422490aabff9336320316096d6

Score

10^/10

buer loader

Malware Config

Extracted

Family

buer

C2

http://koralak.hk/

Signatures

Buer
Buer is a new modular loader first seen in August 2019.
loader buer

Buer Loader 3 IoCs

Detects Buer loader in memory or disk.

resource	yara_rule
behavioral2/memory/4420-131-0x00000000001C0000-0x00000000001C9000-memory.dmp	buer
behavioral2/memory/4420-132-0x0000000040000000-0x00000000403AA000-memory.dmp	buer
behavioral2/memory/4420-133-0x0000000040000000-0x00000000403AA000-memory.dmp	buer

C:\Users\Admin\AppData\Local\Temp\ea30609c8243364f55484fefa8dc8695471387cc8c31d97220c09647367de2b7.exe
"C:\Users\Admin\AppData\Local\Temp\ea30609c8243364f55484fefa8dc8695471387cc8c31d97220c09647367de2b7.exe"
1⤵
PID:4420

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4420-131-0x00000000001C0000-0x00000000001C9000-memory.dmp

Filesize
36KB

Download
memory/4420-130-0x000000000079E000-0x00000000007A5000-memory.dmp

Filesize
28KB

Download
memory/4420-132-0x0000000040000000-0x00000000403AA000-memory.dmp

Filesize
3.7MB

Download
memory/4420-133-0x0000000040000000-0x00000000403AA000-memory.dmp

Filesize
3.7MB

Download