buer | 75e985ad843283de707a360843a5ac65e0800b8dde13004c9eec247bc4ee4437 | Triage

Submit
Reports

Overview

overview

Static

static

3

e6fe558f6c...15.exe

windows7-x64

e6fe558f6c...15.exe

windows10-2004-x64

Sharing

General

Target

e6fe558f6c026493bff28c7451069715.exe
Size

307KB
Sample

240320-3ettpsfa21
MD5

e6fe558f6c026493bff28c7451069715
SHA1

edfa573934a1b0505727e0d4b1b0544f11523e7e
SHA256

75e985ad843283de707a360843a5ac65e0800b8dde13004c9eec247bc4ee4437
SHA512

ff896b158a5f9b81ef945667774e4d0ab48940ac5848a8c7fe8fd151773c3acb60d9673cd155317a90d3658ea5997158fd60b1b6dd3161927a3d3c86cfd61dbd
SSDEEP

3072:RlJLNbCckq+PcKNEXZDr6EQb4rhLxZ60uDO/6sBh7aFTvCoVoJ7rMRk2JYn3:RsqXZq5b4rXZJu6/jn7aFTe7ARW

Score

10^/10

buer stealc discovery loader persistence spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

e6fe558f6c026493bff28c7451069715.exe

Resource

win7-20240221-en

stealc discovery persistence spyware stealer

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

e6fe558f6c026493bff28c7451069715.exe

Resource

win10v2004-20240226-en

buer stealc discovery loader persistence spyware stealer

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  e6fe558f6c026493bff28c7451069715.exe
- Size
  
  307KB
- MD5
  
  e6fe558f6c026493bff28c7451069715
- SHA1
  
  edfa573934a1b0505727e0d4b1b0544f11523e7e
- SHA256
  
  75e985ad843283de707a360843a5ac65e0800b8dde13004c9eec247bc4ee4437
- SHA512
  
  ff896b158a5f9b81ef945667774e4d0ab48940ac5848a8c7fe8fd151773c3acb60d9673cd155317a90d3658ea5997158fd60b1b6dd3161927a3d3c86cfd61dbd
- SSDEEP
  
  3072:RlJLNbCckq+PcKNEXZDr6EQb4rhLxZ60uDO/6sBh7aFTvCoVoJ7rMRk2JYn3:RsqXZq5b4rXZJu6/jn7aFTe7ARW
Score

10^/10

stealc discovery persistence spyware stealer buer loader
- Buer
  Buer is a new modular loader first seen in August 2019.
  loader buer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

stealcdiscoverypersistencespywarestealer

behavioral2

buerstealcdiscoveryloaderpersistencespywarestealer

© 2018-2024

Terms | Privacy