Overview

overview

10

Static

static

1

752be5fff5...18.exe

windows7-x64

10

752be5fff5...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    752be5fff55e3a059d9ec4be816d11a4_JaffaCakes118

  • Size

    693KB

  • Sample

    240526-meszeaeh9s

  • MD5

    752be5fff55e3a059d9ec4be816d11a4

  • SHA1

    e2f14b56875eb1e3ce4a2b3bd2ec92488eb51b84

  • SHA256

    a65e1e7ff8c9c03d3fa3abf621bbf69db210c1a437aebbe98a0da3b41518b698

  • SHA512

    b8c25e60c25303b212e986339d29f0b75fbaafacaef99848955b1e984603eb59102f00ac94cc22cc4c487fd9ecc34920f04f1599a543dd5643f8048c512f1b20

  • SSDEEP

    12288:rl1Ey2RgKt9rtmapruAbE7qO4R1F2LjBioLAuny:rlSmK7tm8qO3O43FYBNLAuy

Score
10/10
buerexecutionloader

Malware Config

Extracted

Family

buer

C2

https://bankcreditsign.com/

Targets

    • Target

      752be5fff55e3a059d9ec4be816d11a4_JaffaCakes118

    • Size

      693KB

    • MD5

      752be5fff55e3a059d9ec4be816d11a4

    • SHA1

      e2f14b56875eb1e3ce4a2b3bd2ec92488eb51b84

    • SHA256

      a65e1e7ff8c9c03d3fa3abf621bbf69db210c1a437aebbe98a0da3b41518b698

    • SHA512

      b8c25e60c25303b212e986339d29f0b75fbaafacaef99848955b1e984603eb59102f00ac94cc22cc4c487fd9ecc34920f04f1599a543dd5643f8048c512f1b20

    • SSDEEP

      12288:rl1Ey2RgKt9rtmapruAbE7qO4R1F2LjBioLAuny:rlSmK7tm8qO3O43FYBNLAuy

    Score
    10/10
    buerexecutionloader

    • Buer

      Buer is a new modular loader first seen in August 2019.

      loaderbuer

    • Buer Loader

      Detects Buer loader in memory or disk.

      loader

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

      execution

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

PowerShell

1
T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks