General

  • Target

    8b44470c7ff69ae671ff6e04550ee15f_JaffaCakes118

  • Size

    598KB

  • Sample

    240811-vwl67atdjd

  • MD5

    8b44470c7ff69ae671ff6e04550ee15f

  • SHA1

    123f9a7487cd0fdd772f0e7bb19e70d1ee3a32e7

  • SHA256

    6c7f43434e5db8703c0a47dedeeab976159d8704bfbe2e4ff65405f38d508e9d

  • SHA512

    0e03e5895bd406ed61c6e5343e184eb5a86d4ee1b195b35be88fea4fee4508b0a525725ec92971f2c0bc1a929d4dda1f0853bc576071cdefef8adb1a5f45e0de

  • SSDEEP

    12288:CTGH1xeTanpp9tmq7sXV6ZwnNrlnButp4aCiUOREDw:CibmqYcZwnNRH4R9

Malware Config

Extracted

Family

buer

C2

https://104.248.83.13/

Targets

    • Buer

      Buer is a new modular loader first seen in August 2019.

    • Buer Loader

      Detects Buer loader in memory or disk.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks