Extracted

• • Target

    1ba48c78b0826e7cd6a9d2a927e1575c561d23782a9c094cd3a9e6096297e937_JC.exe

  • Size

    172KB

  • MD5

    98b738e1751444de2fbb696cb7a8dda5

  • SHA1

    1ce99114d5957f451ccc3e50959ba1ecfcd3699a

  • SHA256

    1ba48c78b0826e7cd6a9d2a927e1575c561d23782a9c094cd3a9e6096297e937

  • SHA512

    0248e148d82e471506bbfd191717de41d8403dad499547ae7686d77833aa47b903fa2175947b08a5e0984b92a99fc81c47b2234fc3d112ec1198e6bdf64b4879

  • SSDEEP

    1536:4gtwp3Ct5Bsh9atD6i4+WVEdXT9HNhmBhFOH3aaaaaaaaaaaaaaaaaaaaaaaaadb:HwtIx+61cAIp9BAVf2S

  Score

  10^/10

  buerloaderpersistence

  • Buer

    Buer is a new modular loader first seen in August 2019.

    loaderbuer

  • Modifies WinLogon for persistence

    persistence

  • Buer Loader

    Detects Buer loader in memory or disk.

    loader

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  behavioral1behavioral2