buer | 3c2382bdd0ace893cf833df5096a739330cd4f6cd1cc8e410634bdd166b5c776 | Triage

Submit
Reports

Overview

overview

Static

static

3

26244e477f...18.exe

windows7-x64

26244e477f...18.exe

windows10-2004-x64

Sharing

General

Target

26244e477fce74ab4e36e26e600a96b0_JaffaCakes118
Size

205KB
Sample

240508-w3vycaha7x
MD5

26244e477fce74ab4e36e26e600a96b0
SHA1

f2d51d793857e6d9829f24f711b37664cd737fa5
SHA256

3c2382bdd0ace893cf833df5096a739330cd4f6cd1cc8e410634bdd166b5c776
SHA512

f6e0525a3295613137d9a102d9fcf6cf052df90e9676b3c9d260bc5353656ce31fb515bfd6a133ee9858b865a34207388f156510b41920c8e0913fc411b47d5d
SSDEEP

3072:KG1Q3vIG+2St2z8hvWHMeqhOOf4TpIgErI25:KG1UIG2DWHMeqUOQTng95

Score

10^/10

buer loader persistence

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

26244e477fce74ab4e36e26e600a96b0_JaffaCakes118.exe

Resource

win7-20240419-en

buer loader persistence

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

26244e477fce74ab4e36e26e600a96b0_JaffaCakes118.exe

Resource

win10v2004-20240508-en

buer loader persistence

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

buer

C2

https://rawcookies.ru/

https://westkingz.ru/

Targets

- Target
  
  26244e477fce74ab4e36e26e600a96b0_JaffaCakes118
- Size
  
  205KB
- MD5
  
  26244e477fce74ab4e36e26e600a96b0
- SHA1
  
  f2d51d793857e6d9829f24f711b37664cd737fa5
- SHA256
  
  3c2382bdd0ace893cf833df5096a739330cd4f6cd1cc8e410634bdd166b5c776
- SHA512
  
  f6e0525a3295613137d9a102d9fcf6cf052df90e9676b3c9d260bc5353656ce31fb515bfd6a133ee9858b865a34207388f156510b41920c8e0913fc411b47d5d
- SSDEEP
  
  3072:KG1Q3vIG+2St2z8hvWHMeqhOOf4TpIgErI25:KG1UIG2DWHMeqUOQTng95
Score

10^/10

buer loader persistence
- Buer
  Buer is a new modular loader first seen in August 2019.
  loader buer
- Modifies WinLogon for persistence
  persistence
- Buer Loader
  Detects Buer loader in memory or disk.
  loader
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

buerloaderpersistence

behavioral2

buerloaderpersistence

© 2018-2024

Terms | Privacy