Buer Loader Analysis, a Rusted malware program - TEHTRIS
Tags
| attack-pattern: | Data Model Malware - T1587.001 Malware - T1588.001 Server - T1583.004 Server - T1584.004 Tool - T1588.002 |
Common Information
| Type | Value |
|---|---|
| UUID | 0ce589a4-a232-4d11-9d77-d9baa9a822e8 |
| Fingerprint | a46418752dbb2fa2 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Jan. 20, 2022, 8 a.m. |
| Added to db | Sept. 26, 2022, 9:34 a.m. |
| Last updated | Nov. 17, 2024, 11:40 p.m. |
| Headline | Buer Loader Analysis, a Rusted malware program |
| Title | Buer Loader Analysis, a Rusted malware program - TEHTRIS |
| Detected Hints/Tags/Attributes | 35/1/72 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://tehtris.com/en/blog/buer-loader-analysis-a-rusted-malware-program |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Url | 1 | https://github.com/you0708/ida/tree/master/idapython_tools/findcrypt |
|
| Details | Url | 1 | https://github.com/gendx/lzma-rs |
|
| Details | Url | 1 | https://fr.wikipedia.org/wiki/générateur_de_nombres_pseudo-aléatoires |
|
| Details | Url | 2 | https://www.trendmicro.com/vinfo/us/security/definition/command-and-control-server |
|
| Details | Url | 1 | https://golang.org |
|
| Details | Domain | 1 | www.rust-lang.org |
|
| Details | Domain | 2 | www.tiobe.com |
|
| Details | Domain | 4128 | github.com |
|
| Details | Domain | 370 | www.proofpoint.com |
|
| Details | Domain | 4 | fr.wikipedia.org |
|
| Details | Domain | 8 | www.zynamics.com |
|
| Details | Domain | 604 | www.trendmicro.com |
|
| Details | Domain | 32 | golang.org |
|
| Details | Domain | 1 | www.embarcadero.com |
|
| Details | Domain | 1 | cython.org |
|
| Details | Domain | 268 | www.virustotal.com |
|
| Details | Domain | 768 | www.youtube.com |
|
| Details | Domain | 7 | www.unicorn-engine.org |
|
| Details | File | 42 | vboxservice.exe |
|
| Details | File | 44 | vboxtray.exe |
|
| Details | File | 74 | vmtoolsd.exe |
|
| Details | File | 28 | vmwaretray.exe |
|
| Details | File | 30 | vmwareuser.exe |
|
| Details | File | 26 | vmacthlp.exe |
|
| Details | File | 14 | vmsrvc.exe |
|
| Details | File | 14 | vmusrvc.exe |
|
| Details | File | 9 | prl_cc.exe |
|
| Details | File | 11 | prl_tools.exe |
|
| Details | File | 9 | xenservice.exe |
|
| Details | File | 10 | qemu-ga.exe |
|
| Details | File | 6 | windanr.exe |
|
| Details | File | 7 | bindiff.html |
|
| Details | File | 1 | extract_buer.py |
|
| Details | File | 1 | extract_buer_debug.py |
|
| Details | Github username | 1 | nuta |
|
| Details | Github username | 4 | you0708 |
|
| Details | Github username | 1 | gendx |
|
| Details | Github username | 1 | tehtris-hub |
|
| Details | sha256 | 1 | 001405ded84e227092bafe165117888d423719d7d75554025ec410d1d6558925 |
|
| Details | sha256 | 1 | 4421dbc01ddc5ed959419fe2a3a0f1c7b48f92b880273b481eb249cd17d59b91 |
|
| Details | sha256 | 1 | 52d8316b0765c147558aecbda686d076783f3a08b2741b8c9e3e717cc56e8a92 |
|
| Details | sha256 | 1 | 580d55f1e51465b697d46e67561f3161d4534a73e8aa47e18b9bae344d46bcf4 |
|
| Details | sha256 | 1 | 578dc62dfa0203080da262676f28c679114d6b1c90a4ab6c07b736d9ce64e43e |
|
| Details | sha256 | 1 | 5ac6766680c8c06a4b0b4e6a929ec4f5404fca75aa774f3eb986f81b1b30622b |
|
| Details | sha256 | 1 | 64dd547546394e1d431a25a671892c7aca9cf57ed0733a7435028792ad42f4a7 |
|
| Details | sha256 | 1 | 88689636f4b2287701b63f42c12e7e2387bf4c3ecc45eeb8a61ea707126bad9b |
|
| Details | sha256 | 2 | afb5cbe324865253c7a9dcadbe66c66746ea360f0cd184a2f4e1bbf104533ccd |
|
| Details | sha256 | 1 | c425264f34fa8574c7e4321020eb374b9364a094cda9647e557b97d5e2b8c17b |
|
| Details | sha256 | 1 | d3a486d3b032834b1203adefd25d0bf0b36fae7f9e72071c21ccc266e1e1f893 |
|
| Details | sha256 | 1 | edc3b5f8d45d7a1cceee144e57fc5ddfaf8c0c7407a1514d2f3bab4f3c9f18b8 |
|
| Details | sha256 | 1 | d7ec38c0e89a749a7727e5644328835b50e19302e9f3a4688809403ebcbd03d2 |
|
| Details | sha256 | 1 | 6578db32dc78ef7f41213557cf894d03b97ed6974ae7a72bec9b7c7ac08c4ba9 |
|
| Details | sha256 | 1 | d48d91451b9594eadc0d1ef6e379bbce9a6033bd337e06d46613a70187c9c5ef |
|
| Details | sha256 | 1 | 54109b12cbbd223f5ad79a9f87bfe50ef05a80e5551a3c1931748c3698900496 |
|
| Details | sha256 | 1 | 2d8a2bcc45daedd343eadb4222885d12a221bebbf7f1d98f92cb233df0a4c1d4 |
|
| Details | sha256 | 1 | 16feaed6222ce4a1941ae0c32eabaf0ecf68c33c49544f71d431d1b70c4247fd |
|
| Details | sha256 | 1 | 7af554fb260817350d33b801d9f0b8a638b831992f4b1b31c2bbdab875b211df |
|
| Details | sha256 | 1 | 039d63a07372e6e17f9779ccffbafbf9a06a9402ade58fbec3b0b2f8d2038175 |
|
| Details | Url | 1 | https://www.rust-lang.org |
|
| Details | Url | 1 | https://www.tiobe.com/tiobe-index/rust |
|
| Details | Url | 1 | https://github.com/nuta/kerla |
|
| Details | Url | 1 | https://www.proofpoint.com/us/blog/threat-insight/new-variant-buer-loader-written-rust |
|
| Details | Url | 1 | https://fr.wikipedia.org/wiki/sandbox_ |
|
| Details | Url | 1 | https://fr.wikipedia.org/wiki/offuscation |
|
| Details | Url | 5 | https://www.zynamics.com/bindiff.html |
|
| Details | Url | 1 | https://www.embarcadero.com/fr/products/delphi |
|
| Details | Url | 1 | https://cython.org |
|
| Details | Url | 43 | https://www.virustotal.com |
|
| Details | Url | 1 | https://www.youtube.com/watch?v=4lux_0iromy |
|
| Details | Url | 2 | https://www.unicorn-engine.org |
|
| Details | Url | 1 | https://github.com/tehtris-hub/malwaretool/blob/main/buer/extract_buer.py |
|
| Details | Url | 1 | https://github.com/tehtris-hub/malwaretool/blob/main/buer/extract_buer_debug.py |