Overview

overview

10

Static

static

3

ea83585761...18.exe

windows7-x64

10

ea83585761...18.exe

windows10-2004-x64

7

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

tmp.exe

windows7-x64

10

tmp.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ea8358576152f09c0ea641691ec51e09_JaffaCakes118

  • Size

    124KB

  • Sample

    240919-d6w1psyfrd

  • MD5

    ea8358576152f09c0ea641691ec51e09

  • SHA1

    295076b9d5152fadd9a88b2933615e2d58b9f501

  • SHA256

    54b7bba0fc0b998427ddd65c88fc8d5d5afe20304d043cd2831c6ca646bce0b0

  • SHA512

    39268cef0ae11605d357f5c6053bd1f50e169b8e704a76e71c0cec088362b16e3b8ead4c0ae5191618a22475727f1011549389132df74575e3c0190bc65f502b

  • SSDEEP

    3072:Lf1BDZ0kVB67Duw9AMc+bEupgCJ6G8sl6E8j9MKZbEbOUuMaKESJNQ:L9X0Gg9p9ZD0MK2iUdM

Score
10/10
buerdiscoveryloaderpersistence

Malware Config

Extracted

Family

buer

C2

https://eternitydev.me/

https://masonkhonsari.me/

Targets

    • Target

      ea8358576152f09c0ea641691ec51e09_JaffaCakes118

    • Size

      124KB

    • MD5

      ea8358576152f09c0ea641691ec51e09

    • SHA1

      295076b9d5152fadd9a88b2933615e2d58b9f501

    • SHA256

      54b7bba0fc0b998427ddd65c88fc8d5d5afe20304d043cd2831c6ca646bce0b0

    • SHA512

      39268cef0ae11605d357f5c6053bd1f50e169b8e704a76e71c0cec088362b16e3b8ead4c0ae5191618a22475727f1011549389132df74575e3c0190bc65f502b

    • SSDEEP

      3072:Lf1BDZ0kVB67Duw9AMc+bEupgCJ6G8sl6E8j9MKZbEbOUuMaKESJNQ:L9X0Gg9p9ZD0MK2iUdM

    Score
    10/10
    buerdiscoveryloaderpersistence

    • Buer

      Buer is a new modular loader first seen in August 2019.

      loaderbuer

    • Modifies WinLogon for persistence

      persistence

    • Buer Loader

      Detects Buer loader in memory or disk.

      loader

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      fccff8cb7a1067e23fd2e2b63971a8e1

    • SHA1

      30e2a9e137c1223a78a0f7b0bf96a1c361976d91

    • SHA256

      6fcea34c8666b06368379c6c402b5321202c11b00889401c743fb96c516c679e

    • SHA512

      f4335e84e6f8d70e462a22f1c93d2998673a7616c868177cac3e8784a3be1d7d0bb96f2583fa0ed82f4f2b6b8f5d9b33521c279a42e055d80a94b4f3f1791e0c

    • SSDEEP

      192:xPtkiQJr7V9r3HcU17S8g1w5xzWxy6j2V7i77blbTc4v:g7VpNo8gmOyRsVc4

    Score
    3/10
    discovery
    behavioral3behavioral4

    • Target

      tmp.exe

    • Size

      120KB

    • MD5

      5c509d1af9a1e914c2f44f725b391afb

    • SHA1

      e53a38c381e40a02867d280a7363e8becca5a6c3

    • SHA256

      44e5ab9cd8b8c02f5c28871cb59c5beb1106e4159e5d4b6aa591335e1b4c6b2f

    • SHA512

      60dc5a4ac44dcc6ad5610c1358afd0d3c01d40d6ffce76b61034212c3c1d557ef91d76f756ceccc44dea7c7d00441296b6aa240954f40100dfecaa1aa95fcfe8

    • SSDEEP

      3072:G2A3MDSSCijJr/w0WGuTRGQaPgr5eBJoB2hNUMhTKJ:G2A8BrRuTRzeKMFKJ

    Score
    10/10
    buerdiscoveryloaderpersistence

    • Buer

      Buer is a new modular loader first seen in August 2019.

      loaderbuer

    • Modifies WinLogon for persistence

      persistence

    • Buer Loader

      Detects Buer loader in memory or disk.

      loader

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral5behavioral6

MITRE ATT&CK Enterprise v15

Tasks