buer | ebe7750b041da33f5213aa714a8c8a26542ca6f4581314fd193b71560abe7e0b | Triage

Submit
Reports

Overview

overview

Static

static

3

1ba48c78b0...37.exe

windows10-2004-x64

Sharing

General

Target

1ba48c78b0826e7cd6a9d2a927e1575c561d23782a9c094cd3a9e6096297e937.zip
Size

67KB
Sample

240418-wg4claca2x
MD5

b93649ae694a39d910536772045203e9
SHA1

ae5b69cbfaa244ae9f12e050718ca531868d789e
SHA256

ebe7750b041da33f5213aa714a8c8a26542ca6f4581314fd193b71560abe7e0b
SHA512

a3c629eab07200e7acd32026fb7f85bfb59f62ffa009418b406d79f925704c11036ea2d681aa4a27a7a325adc0874308f2a30e1ab21ef5c32befb7c8c6fbd515
SSDEEP

1536:20kbHA3temebeMtvY9bg8mlSkARQ+A5q4n4Tu2m52sUFGM5qlr:d+otemmeMukcXD4n4LzsUFF5k

Score

10^/10

buer loader persistence

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1ba48c78b0826e7cd6a9d2a927e1575c561d23782a9c094cd3a9e6096297e937.exe

Resource

win10v2004-20240412-en

buer loader persistence

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

buer

C2

https://165.232.118.210/

Targets

- Target
  
  1ba48c78b0826e7cd6a9d2a927e1575c561d23782a9c094cd3a9e6096297e937.exe
- Size
  
  172KB
- MD5
  
  98b738e1751444de2fbb696cb7a8dda5
- SHA1
  
  1ce99114d5957f451ccc3e50959ba1ecfcd3699a
- SHA256
  
  1ba48c78b0826e7cd6a9d2a927e1575c561d23782a9c094cd3a9e6096297e937
- SHA512
  
  0248e148d82e471506bbfd191717de41d8403dad499547ae7686d77833aa47b903fa2175947b08a5e0984b92a99fc81c47b2234fc3d112ec1198e6bdf64b4879
- SSDEEP
  
  1536:4gtwp3Ct5Bsh9atD6i4+WVEdXT9HNhmBhFOH3aaaaaaaaaaaaaaaaaaaaaaaaadb:HwtIx+61cAIp9BAVf2S
Score

10^/10

buer loader persistence
- Buer
  Buer is a new modular loader first seen in August 2019.
  loader buer
- Modifies WinLogon for persistence
  persistence
- Buer Loader
  Detects Buer loader in memory or disk.
  loader
- Deletes itself
- Executes dropped EXE
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

buerloaderpersistence

© 2018-2024

Terms | Privacy