Extracted

• • Target

    f539613bb8aa110f64481c22d073f510_JaffaCakes118

  • Size

    236KB

  • MD5

    f539613bb8aa110f64481c22d073f510

  • SHA1

    c961c5aec12d17d0e6427bb2886619d604947c9a

  • SHA256

    e173a639506cfac3f65723d711ad072d18b95f2776581d43407e1ffb6bec441f

  • SHA512

    dba51c39a1d9f8cfe9d2a9b1cd9b06cb25f8bc60d3cae43105bb32cee0e7ff96960bd2438d4ee6e641a1416c05a5c67036696e195bb9f1cf17e49ebf158fc276

  • SSDEEP

    3072:sR9HSUA9Au2+coOnrvBcopuYYtZRsROxO1fcjBN27oZV3DwdOwUqx+LR3:49HdA9A1oyTBcop1jQxO98bvUUqcF

  Score

  10^/10

  buerdiscoveryloaderpersistence

  • Buer

    Buer is a new modular loader first seen in August 2019.

    loaderbuer

  • Modifies WinLogon for persistence

    persistence

  • Buer Loader

    Detects Buer loader in memory or disk.

    loader

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  behavioral1behavioral2