buer | 1e37cf52cafb1f3e6eea67caa620379f37e5bd271fa21786ee33ad000164da83 | Triage

Submit
Reports

Overview

overview

Static

static

1

a661541c4c...5e.exe

windows7-x64

a661541c4c...5e.exe

windows10-2004-x64

Sharing

General

Target

a661541c4cbeb1db859f6cec6c53979b5633c75e
Size

90KB
Sample

230201-fws76sca43
MD5

b3290148681f8218ecb80ca430f9fdba
SHA1

a661541c4cbeb1db859f6cec6c53979b5633c75e
SHA256

1e37cf52cafb1f3e6eea67caa620379f37e5bd271fa21786ee33ad000164da83
SHA512

327abbb1b2a12cd6f1298d40c7ba115dfeeffd17e309aad50e20c4ba2af95263aec208a1a32e9c3fa6d1a8f184df539cc89d9dce12f04837789b22b40472302d
SSDEEP

1536:DHYMiClDhdyA5x5Z0Dvyecobn6RN4vr3d6TJsGmGYWAPgnMNQ:DYjClDhQlDvrcob6H4DXnOmQ

Score

10^/10

buer loader persistence

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

a661541c4cbeb1db859f6cec6c53979b5633c75e.exe

Resource

win7-20221111-en

buer loader persistence

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

a661541c4cbeb1db859f6cec6c53979b5633c75e.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

buer

C2

https://kkjjhhdff.site/

https://oderstrg.site/

Targets

- Target
  
  a661541c4cbeb1db859f6cec6c53979b5633c75e
- Size
  
  90KB
- MD5
  
  b3290148681f8218ecb80ca430f9fdba
- SHA1
  
  a661541c4cbeb1db859f6cec6c53979b5633c75e
- SHA256
  
  1e37cf52cafb1f3e6eea67caa620379f37e5bd271fa21786ee33ad000164da83
- SHA512
  
  327abbb1b2a12cd6f1298d40c7ba115dfeeffd17e309aad50e20c4ba2af95263aec208a1a32e9c3fa6d1a8f184df539cc89d9dce12f04837789b22b40472302d
- SSDEEP
  
  1536:DHYMiClDhdyA5x5Z0Dvyecobn6RN4vr3d6TJsGmGYWAPgnMNQ:DYjClDhQlDvrcob6H4DXnOmQ
Score

10^/10

buer loader persistence
- Buer
  Buer is a new modular loader first seen in August 2019.
  loader buer
- Modifies WinLogon for persistence
  persistence
- Buer Loader
  Detects Buer loader in memory or disk.
  loader
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

buerloaderpersistence

behavioral2

© 2018-2024

Terms | Privacy