buer | f4f02f78b8d89ed5063773985d4ad7b4c9205417b34787fb945f739134a85a8b | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

7

e23246d5a1...18.dll

windows7-x64

e23246d5a1...18.dll

windows10-2004-x64

Sharing

General

Target

e23246d5a16fd344dfd2fc7177d43890_JaffaCakes118
Size

3.2MB
Sample

240915-lqxlasxcmb
MD5

e23246d5a16fd344dfd2fc7177d43890
SHA1

9d0ee3d8896911c2743ff89c72c30639f0851f52
SHA256

f4f02f78b8d89ed5063773985d4ad7b4c9205417b34787fb945f739134a85a8b
SHA512

01d4b4c0c60272759906f3c2d255a0378c9b4c081878866c9beef187a8c58b53d7da50109541f2da3051035e72b7a60b54710d6e3cddd01a28eb1009bc6af1ed
SSDEEP

49152:GYRxMUVRngWxp5Czu06spJDJXv2Suyic6346LE3Vtj2RwA+M:GuS0RnNYss5XvMy0346g3emA

Score

10^/10

buer discovery loader vmprotect

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

e23246d5a16fd344dfd2fc7177d43890_JaffaCakes118.dll

Resource

win7-20240903-en

buer discovery loader vmprotect

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

e23246d5a16fd344dfd2fc7177d43890_JaffaCakes118.dll

Resource

win10v2004-20240802-en

buer discovery loader vmprotect

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Extracted

Family

buer

C2

complexofferstobakn.com

Targets

- Target
  
  e23246d5a16fd344dfd2fc7177d43890_JaffaCakes118
- Size
  
  3.2MB
- MD5
  
  e23246d5a16fd344dfd2fc7177d43890
- SHA1
  
  9d0ee3d8896911c2743ff89c72c30639f0851f52
- SHA256
  
  f4f02f78b8d89ed5063773985d4ad7b4c9205417b34787fb945f739134a85a8b
- SHA512
  
  01d4b4c0c60272759906f3c2d255a0378c9b4c081878866c9beef187a8c58b53d7da50109541f2da3051035e72b7a60b54710d6e3cddd01a28eb1009bc6af1ed
- SSDEEP
  
  49152:GYRxMUVRngWxp5Czu06spJDJXv2Suyic6346LE3Vtj2RwA+M:GuS0RnNYss5XvMy0346g3emA
Score

10^/10

buer discovery loader vmprotect
- Buer
  Buer is a new modular loader first seen in August 2019.
  loader buer
- Buer Loader
  Detects Buer loader in memory or disk.
  loader
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

buerdiscoveryloadervmprotect

behavioral2

buerdiscoveryloadervmprotect

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.