buer | d16e0cf61accda34b867910b529794f438a41231f9c2451f44e3dfdd83721ad3 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

2025-03-24...5_.exe

windows7-x64

2025-03-24...5_.exe

windows10-2004-x64

Sharing

General

Target

2025-03-24_c126134648ccd1408fb868b240d68695_
Size

627KB
Sample

250324-c6a8kaxrs5
MD5

c126134648ccd1408fb868b240d68695
SHA1

693870838334230ea02d0606d253696567b8a669
SHA256

d16e0cf61accda34b867910b529794f438a41231f9c2451f44e3dfdd83721ad3
SHA512

c121a1d0d8940a1e10d7956f2628f28cf13c0d2b332be6b25ac5579ec64eb609e2b1f1dd5be5ee9f03e90a3ea0f9122d2154c16df22255ddf0f5deab23658f66
SSDEEP

12288:GTTEy2R/8MnxERV8bpUt+AC0/KVFBMuwE:GTcRUVKpticFBM8

Score

10^/10

buer discovery execution loader

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2025-03-24_c126134648ccd1408fb868b240d68695_.exe

Resource

win7-20240903-en

buer discovery execution loader

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

2025-03-24_c126134648ccd1408fb868b240d68695_.exe

Resource

win10v2004-20250314-en

buer discovery execution loader

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

buer

C2

https://bankcreditsign.com/

Targets

- Target
  
  2025-03-24_c126134648ccd1408fb868b240d68695_
- Size
  
  627KB
- MD5
  
  c126134648ccd1408fb868b240d68695
- SHA1
  
  693870838334230ea02d0606d253696567b8a669
- SHA256
  
  d16e0cf61accda34b867910b529794f438a41231f9c2451f44e3dfdd83721ad3
- SHA512
  
  c121a1d0d8940a1e10d7956f2628f28cf13c0d2b332be6b25ac5579ec64eb609e2b1f1dd5be5ee9f03e90a3ea0f9122d2154c16df22255ddf0f5deab23658f66
- SSDEEP
  
  12288:GTTEy2R/8MnxERV8bpUt+AC0/KVFBMuwE:GTcRUVKpticFBM8
Score

10^/10

buer discovery execution loader
- Buer
  Buer is a new modular loader first seen in August 2019.
  loader buer
- Buer family
  buer
- Buer Loader
  Detects Buer loader in memory or disk.
  loader
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

buerdiscoveryexecutionloader

behavioral2

buerdiscoveryexecutionloader

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.