buer | db601f84fd39ba6be26e7a6c0cc1a74da424698244d9a1861b2f9fb980ab7dea | Triage

Submit
Reports

Overview

overview

Static

static

3

db601f84fd...JC.exe

windows7-x64

db601f84fd...JC.exe

windows10-2004-x64

Sharing

General

Target

db601f84fd39ba6be26e7a6c0cc1a74da424698244d9a1861b2f9fb980ab7dea_JC.exe
Size

336KB
Sample

230826-sxcyssdd7z
MD5

987e0fb2e2e25e7587fc73ad83dcd096
SHA1

8f84cdc64ff17e23cbc4f61cd37e3f7f4ec1b665
SHA256

db601f84fd39ba6be26e7a6c0cc1a74da424698244d9a1861b2f9fb980ab7dea
SHA512

41e544df2e12e0b195daab9ce2dce50d7067dca5f770950667ff3ca7aa2dfc4db4366528abeaccbb7712b8c24cc1f58eb73a2f0bd0852b586b8ba335e44ed37a
SSDEEP

6144:1FyuHrjLvBSC+ct43OGIKRvpjkpluW2TKTBBzHF:pSChGIevpjT8fB

Score

10^/10

buer loader persistence

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

db601f84fd39ba6be26e7a6c0cc1a74da424698244d9a1861b2f9fb980ab7dea_JC.exe

Resource

win7-20230712-en

buer loader persistence

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

db601f84fd39ba6be26e7a6c0cc1a74da424698244d9a1861b2f9fb980ab7dea_JC.exe

Resource

win10v2004-20230703-en

buer loader persistence

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

buer

C2

https://165.232.118.210/

Targets

- Target
  
  db601f84fd39ba6be26e7a6c0cc1a74da424698244d9a1861b2f9fb980ab7dea_JC.exe
- Size
  
  336KB
- MD5
  
  987e0fb2e2e25e7587fc73ad83dcd096
- SHA1
  
  8f84cdc64ff17e23cbc4f61cd37e3f7f4ec1b665
- SHA256
  
  db601f84fd39ba6be26e7a6c0cc1a74da424698244d9a1861b2f9fb980ab7dea
- SHA512
  
  41e544df2e12e0b195daab9ce2dce50d7067dca5f770950667ff3ca7aa2dfc4db4366528abeaccbb7712b8c24cc1f58eb73a2f0bd0852b586b8ba335e44ed37a
- SSDEEP
  
  6144:1FyuHrjLvBSC+ct43OGIKRvpjkpluW2TKTBBzHF:pSChGIevpjT8fB
Score

10^/10

buer loader persistence
- Buer
  Buer is a new modular loader first seen in August 2019.
  loader buer
- Modifies WinLogon for persistence
  persistence
- Buer Loader
  Detects Buer loader in memory or disk.
  loader
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

buerloaderpersistence

behavioral2

buerloaderpersistence

© 2018-2024

Terms | Privacy