buer | 91d1851a7dfd2133102df6f58b34823726796744e62f61e4181b977026b19d6b | Triage

Submit
Reports

Overview

overview

Static

static

3

91d1851a7d...JC.exe

windows7-x64

91d1851a7d...JC.exe

windows10-2004-x64

Sharing

General

Target

91d1851a7dfd2133102df6f58b34823726796744e62f61e4181b977026b19d6b_JC.exe
Size

326KB
Sample

230826-sdjl8sbc94
MD5

8330ee5e6df29bdb94e65f2c93e3da24
SHA1

8b5d4da807717806579cc9dc117f8a91f75154ec
SHA256

91d1851a7dfd2133102df6f58b34823726796744e62f61e4181b977026b19d6b
SHA512

1cdad334545c2eec3ab6b1a9ac1e12c4b358bf863eae96ababe6bdc6c6706ce0a20e16b6bb20d94247477c0c6ba93a94572adf5305dd5b7fca09dbcfa6830ed6
SSDEEP

1536:QRhmabwrFnOATLZ+ZlDD4444444444444444444444444444444444444444444x:CupU1Wg8sZ/FXdVi3F6T6qo

Score

10^/10

buer loader persistence

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

91d1851a7dfd2133102df6f58b34823726796744e62f61e4181b977026b19d6b_JC.exe

Resource

win7-20230712-en

buer loader persistence

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

91d1851a7dfd2133102df6f58b34823726796744e62f61e4181b977026b19d6b_JC.exe

Resource

win10v2004-20230703-en

buer loader persistence

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

buer

C2

https://161.35.192.121/

Targets

- Target
  
  91d1851a7dfd2133102df6f58b34823726796744e62f61e4181b977026b19d6b_JC.exe
- Size
  
  326KB
- MD5
  
  8330ee5e6df29bdb94e65f2c93e3da24
- SHA1
  
  8b5d4da807717806579cc9dc117f8a91f75154ec
- SHA256
  
  91d1851a7dfd2133102df6f58b34823726796744e62f61e4181b977026b19d6b
- SHA512
  
  1cdad334545c2eec3ab6b1a9ac1e12c4b358bf863eae96ababe6bdc6c6706ce0a20e16b6bb20d94247477c0c6ba93a94572adf5305dd5b7fca09dbcfa6830ed6
- SSDEEP
  
  1536:QRhmabwrFnOATLZ+ZlDD4444444444444444444444444444444444444444444x:CupU1Wg8sZ/FXdVi3F6T6qo
Score

10^/10

buer loader persistence
- Buer
  Buer is a new modular loader first seen in August 2019.
  loader buer
- Modifies WinLogon for persistence
  persistence
- Buer Loader
  Detects Buer loader in memory or disk.
  loader
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

buerloaderpersistence

behavioral2

buerloaderpersistence

© 2018-2024

Terms | Privacy