An Analysis of Buer Loader
Common Information
| Type | Value |
|---|---|
| UUID | 98ddb55c-c1e6-4134-a521-e49c72a3d68d |
| Fingerprint | 90ec6124aaf67b11f9898e1aba3b861e639c6032125519d78720561f8bbe113f |
| Analysis status | DONE |
| Considered CTI value | 1 |
| Text language | |
| Published | Nov. 5, 2021, 7:51 p.m. |
| Added to db | April 14, 2024, 9:12 a.m. |
| Last updated | Aug. 31, 2024, 6:59 a.m. |
| Headline | An Analysis of Buer Loader |
| Title | An Analysis of Buer Loader |
| Detected Hints/Tags/Attributes | 103/3/47 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | softersyu.com |
|
| Details | Domain | 4127 | github.com |
|
| Details | Domain | 1 | khorum.ru |
|
| Details | Domain | 34 | exploit.im |
|
| Details | Domain | 1 | cerionetya.com |
|
| Details | Domain | 1 | bostauherde.com |
|
| Details | Domain | 1 | awmelisers.com |
|
| Details | Domain | 1 | seryanjek.com |
|
| Details | Domain | 1 | vesupyny.com |
|
| Details | Domain | 71 | news.sophos.com |
|
| Details | Domain | 4 | cisomag.eccouncil.org |
|
| Details | Domain | 21 | blog.group-ib.com |
|
| Details | Domain | 370 | www.proofpoint.com |
|
| Details | Domain | 144 | www.fortinet.com |
|
| Details | 1 | ntquerydefaultlocale@ntdll.dll |
||
| Details | File | 2125 | cmd.exe |
|
| Details | File | 533 | ntdll.dll |
|
| Details | File | 42 | vboxservice.exe |
|
| Details | File | 44 | vboxtray.exe |
|
| Details | File | 74 | vmtoolsd.exe |
|
| Details | File | 28 | vmwaretray.exe |
|
| Details | File | 30 | vmwareuser.exe |
|
| Details | File | 15 | vgauthservice.exe |
|
| Details | File | 26 | vmacthlp.exe |
|
| Details | File | 14 | vmsrvc.exe |
|
| Details | File | 14 | vmusrvc.exe |
|
| Details | File | 9 | prl_cc.exe |
|
| Details | File | 11 | prl_tools.exe |
|
| Details | File | 9 | xenservice.exe |
|
| Details | File | 10 | qemu-ga.exe |
|
| Details | File | 6 | windanr.exe |
|
| Details | sha1 | 1 | 996fb92427ae41e4649b934ca495991b7852b855 |
|
| Details | sha256 | 1 | 299bc0beffe830d0871f8f6d7cadb40117208ea59f59cadd08b220b903f4e31c |
|
| Details | IPv4 | 1 | 104.248.244.25 |
|
| Details | IPv4 | 1 | 161.35.155.123 |
|
| Details | IPv4 | 1 | 207.154.216.70 |
|
| Details | IPv4 | 1 | 142.93.102.244 |
|
| Details | IPv4 | 1 | 161.35.210.224 |
|
| Details | IPv4 | 2 | 161.35.21.48 |
|
| Details | IPv4 | 1 | 167.99.202.172 |
|
| Details | Url | 1 | https://github.com/libcala/whoami |
|
| Details | Url | 1 | https://news.sophos.com/en-us/2020/10/28/hacks-for-sale-inside-the-buer- |
|
| Details | Url | 1 | https://cisomag.eccouncil.org/buer-loader-a-rising-superstar-of-the-dark- |
|
| Details | Url | 1 | https://blog.group-ib.com/prometheus-tds. |
|
| Details | Url | 1 | https://www.proofpoint.com/us/threat-insight/post/buer-new-loader-emerges-underground-marketplace. |
|
| Details | Url | 1 | https://www.proofpoint.com/us/blog/threat-insight/new-variant-buer-loader-written-rust. |
|
| Details | Url | 5 | https://www.fortinet.com/blog/threat- |