MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1889d0da16fd4ff66844c822a8a92e07a1702f1b5b97bfe6bb1a943d22d662c8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

BuerLoader

Vendor detections: 10

Intelligence 10 IOCs YARA File information Comments

SHA256 hash:	1889d0da16fd4ff66844c822a8a92e07a1702f1b5b97bfe6bb1a943d22d662c8
SHA3-384 hash:	e7dab998ee70a21c3eb85024c83105aaf90ad4143ff69177e24e5132eff5e37e6672e4a2259a42aeef5427f930d24c4f
SHA1 hash:	79ce9877ed86eda53c93cbb10fa5952f51896ad1
MD5 hash:	50571aaed3910bfff867cbcbce73c9fc
humanhash:	sixteen-video-kentucky-green
File name:	footer.dll
Download:	download sample
Signature	BuerLoader Create hunting rule
File size:	268'288 bytes
First seen:	2021-03-03 17:53:25 UTC
Last seen:	2021-03-03 22:37:17 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	8cd1db36d21110b3be6eda6903de6222 (1 x BuerLoader)
ssdeep	6144:7BEMeQcgfCa8ARbCXrLg0O3J+ulghZVvn+3gPGZe:7BEMeQcdavM/gl7Ov1+E
Threatray	28 similar samples on MalwareBazaar
TLSH	3A444B01A7E0C034F6FB36F8597A5368A92A79A66734B0CF72D916FA57346E09C31313
Reporter	James_inthe_box
Tags:	BuerLoader dll

Intelligence

File Origin

# of uploads :

2

# of downloads :

151

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

1

File name:

Private_document.zip

Verdict:

Malicious activity

Analysis date:

2021-03-03 17:21:51 UTC

Tags:

loader

Link:

https://app.any.run/tasks/7bdc5b95-e98d-4f68-bd2d-95d543483c41

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

BuerLoader

Link:

https://www.capesandbox.com/analysis/121925/

Detection(s):

SecuriteInfo.com.W32.AIDetect.malware1.9964.32044.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Sending a UDP request

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result

Threat name:

Buer Loader

Detection:

malicious

Classification:

troj.evad

Score:

64 / 100

Link:

https://www.joesandbox.com/analysis/626482

Signature

Detected RDTSC dummy instruction sequence (likely for instruction hammering)

Multi AV Scanner detection for submitted file

Tries to detect virtualization through RDTSC time measurements

Yara detected Buer Loader

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/1889d0da16fd4ff66844c822a8a92e07a1702f1b5b97bfe6bb1a943d22d662c8/

Threat name:

Win32.Trojan.Azorult

Status:

Malicious

First seen:

2021-03-03 17:53:16 UTC

File Type:

PE (Exe)

Extracted files:

19

AV detection:

15 of 28 (53.57%)

Threat level:

5/5

Verdict:

malicious

Similar samples:

045a7318a9e2e550208c0c7e9fc805068df19fa73823ac3acaa049a46c4045ee

41a4ee153b3c61cc8ed50de571e5b8f884de1c8c07332b7b31f238360832988c

4f7ccbc55dda5ed45be0fc7dc48b18719556ac9018d5aa4eb9f9ff0470eaca95

650750b450fd881501aa5a879696e9d61e8fcbbad479ce37b0a2bb081d73c209

6b208bb60a779b6b4e202aa7b7593cdc0695f0534527d8d3a66c13977ef1c572

7d502dec22302537441fdc43c60eed70bcde7f97bb14414e7859439d2ec7914f

7f43651edf5d5bb92a5c6c66042d068d2d4e27cb9a6e45d46e03ca7cbfe4f39f

9cd888fa0692f8d0ca69548532ae72171b426d0e9d8b3b46acdbbe7636d653da

c1dde6f1868423ec25b5d3640840ce4372426bef5ea6f3e59d0f732f4b7222d2

e81d26edffa4b4570584bd1cb36211587108dfbbfc24f303a2c3e261cc3c59c1

+ 18 additional samples on MalwareBazaar

Result

Malware family:

buer

Score:

10/10

Tags:

family:buer loader

Link:

https://tria.ge/reports/210303-gtewgnd3x6/

Behaviour

Buer Loader

Buer

Malware Config

C2 Extraction:

pggjdfhsboecboljoh/dpn

Unpacked files

SH256 hash:

e8be40bf1341ea781d39c11a69f1718118276eca08cbefd4fa3c48d777737776

MD5 hash:

96c6efbec89ab831f8568f27ba80ec0c

SHA1 hash:

45688d2c9b305fb416a89a62aff5d5fee484772a

Detections:

win_buer_w0

Link:

https://www.unpac.me/results/460c8fe2-85aa-4c71-a23c-d95b055001f9/

SH256 hash:

1889d0da16fd4ff66844c822a8a92e07a1702f1b5b97bfe6bb1a943d22d662c8

MD5 hash:

50571aaed3910bfff867cbcbce73c9fc

SHA1 hash:

79ce9877ed86eda53c93cbb10fa5952f51896ad1

Link:

https://www.unpac.me/results/460c8fe2-85aa-4c71-a23c-d95b055001f9/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/1889d0da16fd4ff66844c822a8a92e07a1702f1b5b97bfe6bb1a943d22d662c8

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method

Other

Cape

Cape

https://www.capesandbox.com/analysis/121925/

URLhaus

https://urlhaus.abuse.ch/url/1044968/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample