buer | 69377f70dc61fe37d51443a5ce8a312aa7b682c61574b8ff02fef4e9d798133a | Triage

Submit
Reports

Overview

overview

Static

static

3

b84cb1bf75...18.exe

windows7-x64

b84cb1bf75...18.exe

windows10-2004-x64

Sharing

General

Target

b84cb1bf75e472973bed157bab410f04_JaffaCakes118
Size

300KB
Sample

240617-naefwsyakf
MD5

b84cb1bf75e472973bed157bab410f04
SHA1

fe4d97e9fd68677ae1e1b459885b3979eabba445
SHA256

69377f70dc61fe37d51443a5ce8a312aa7b682c61574b8ff02fef4e9d798133a
SHA512

266128f62ef53d596196bed76ef94c9aef135f248a2c0a9b44a909bdff4613a048875d9a8debf7082e50eea29acb32891fd7edc535d085558a9250a5f402c9a8
SSDEEP

6144:IXTq8tcMqCZuCkGZGXOGrmtiwJpIS3tJ0dNaVcW+VoImI8EDQGXI/:38cMq8uepPrSNamDT98EdI

Score

10^/10

buer loader persistence

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

b84cb1bf75e472973bed157bab410f04_JaffaCakes118.exe

Resource

win7-20240221-en

buer loader persistence

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

b84cb1bf75e472973bed157bab410f04_JaffaCakes118.exe

Resource

win10v2004-20240508-en

buer loader persistence

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

buer

C2

https://officewestunionbank.com/

Targets

- Target
  
  b84cb1bf75e472973bed157bab410f04_JaffaCakes118
- Size
  
  300KB
- MD5
  
  b84cb1bf75e472973bed157bab410f04
- SHA1
  
  fe4d97e9fd68677ae1e1b459885b3979eabba445
- SHA256
  
  69377f70dc61fe37d51443a5ce8a312aa7b682c61574b8ff02fef4e9d798133a
- SHA512
  
  266128f62ef53d596196bed76ef94c9aef135f248a2c0a9b44a909bdff4613a048875d9a8debf7082e50eea29acb32891fd7edc535d085558a9250a5f402c9a8
- SSDEEP
  
  6144:IXTq8tcMqCZuCkGZGXOGrmtiwJpIS3tJ0dNaVcW+VoImI8EDQGXI/:38cMq8uepPrSNamDT98EdI
Score

10^/10

buer loader persistence
- Buer
  Buer is a new modular loader first seen in August 2019.
  loader buer
- Modifies WinLogon for persistence
  persistence
- Buer Loader
  Detects Buer loader in memory or disk.
  loader
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

buerloaderpersistence

behavioral2

buerloaderpersistence

© 2018-2024

Terms | Privacy