General

  • Target

    935c24fca50f8ac28c040a8c3823df13_JaffaCakes118

  • Size

    627KB

  • Sample

    240604-cmgw1ahg8y

  • MD5

    935c24fca50f8ac28c040a8c3823df13

  • SHA1

    c7a6e7ace50c47e1d3a54ffd50dbdab26ddcf4ce

  • SHA256

    611ebfdce09ab9d4966796e03fbe0a6e9bc4f6e4a8f81d941d0a5b39c0bab6ff

  • SHA512

    ee2f7213d4ce85865f947d9b6f5ded3535f6337c12f5141cb6ed58d48c20b257a613799e29fd9f5e5c7706d3d38f9e93119752dc3726e0d71b5dcc233fc4fec9

  • SSDEEP

    12288:STTEy2Ryh8MnxERV8bpUt+AC0/KVFBMuqE:STc4NUVKpticFBMG

Score
10/10

Malware Config

Extracted

Family

buer

C2

https://bankcreditsign.com/

Targets

    • Target

      935c24fca50f8ac28c040a8c3823df13_JaffaCakes118

    Score
    10/10
    • Buer

      Buer is a new modular loader first seen in August 2019.

    • Buer Loader

      Detects Buer loader in memory or disk.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
