nerbian | f185df1fdfe2a01aecbd10a990ccc9073e76cd8b457e4a17dbf01164e117cc61

Resubmissions

22-06-2022 22:00

220622-1wyswadcf7 10

Analysis

max time kernel
376s
max time network
617s
platform
windows10_x64
resource
win10-20220414-en
submitted
22-06-2022 22:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

svhost.exe
Size

1.7MB
MD5

ca768e05515ee9ceea7c6da4809bed29
SHA1

c61b8b8177c91db2c378c79e2a7f51ed0abd0e4a
SHA256

f185df1fdfe2a01aecbd10a990ccc9073e76cd8b457e4a17dbf01164e117cc61
SHA512

6b3b41b7abc7b6a0146cec431b0ddbbf295d9253425d82b6384b23e6802611118f995e48f681b804cec1d9040848f94decd7a776d1944b395efa375e7421688f

Score

10^/10

nerbian rat trojan upx

Malware Config

Signatures

Detect Nerbian RAT malware 1 IoCs

Processes:

resource	yara_rule
behavioral2/memory/1328-144-0x00000000002A0000-0x00000000007BC000-memory.dmp	family_nerbian

Nerbian
Remote access trojan written in the Golang.
rat trojan nerbian

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/1328-123-0x00000000002A0000-0x00000000007BC000-memory.dmp	upx
behavioral2/memory/1328-144-0x00000000002A0000-0x00000000007BC000-memory.dmp	upx

C:\Users\Admin\AppData\Local\Temp\svhost.exe
"C:\Users\Admin\AppData\Local\Temp\svhost.exe"
1⤵
PID:1328

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1328-116-0x0000000077E40000-0x0000000077FCE000-memory.dmp

Filesize
1.6MB

Download
memory/1328-117-0x0000000077E40000-0x0000000077FCE000-memory.dmp

Filesize
1.6MB

Download
memory/1328-118-0x0000000077E40000-0x0000000077FCE000-memory.dmp

Filesize
1.6MB

Download
memory/1328-119-0x0000000077E40000-0x0000000077FCE000-memory.dmp

Filesize
1.6MB

Download
memory/1328-121-0x0000000077E40000-0x0000000077FCE000-memory.dmp

Filesize
1.6MB

Download
memory/1328-120-0x0000000077E40000-0x0000000077FCE000-memory.dmp

Filesize
1.6MB

Download
memory/1328-122-0x0000000077E40000-0x0000000077FCE000-memory.dmp

Filesize
1.6MB

Download
memory/1328-123-0x00000000002A0000-0x00000000007BC000-memory.dmp

Filesize
5.1MB

Download
memory/1328-124-0x0000000077E40000-0x0000000077FCE000-memory.dmp

Filesize
1.6MB

Download
memory/1328-125-0x0000000077E40000-0x0000000077FCE000-memory.dmp

Filesize
1.6MB

Download
memory/1328-126-0x0000000077E40000-0x0000000077FCE000-memory.dmp

Filesize
1.6MB

Download
memory/1328-127-0x0000000077E40000-0x0000000077FCE000-memory.dmp

Filesize
1.6MB

Download
memory/1328-128-0x0000000077E40000-0x0000000077FCE000-memory.dmp

Filesize
1.6MB

Download
memory/1328-129-0x0000000077E40000-0x0000000077FCE000-memory.dmp

Filesize
1.6MB

Download
memory/1328-130-0x0000000077E40000-0x0000000077FCE000-memory.dmp

Filesize
1.6MB

Download
memory/1328-131-0x0000000077E40000-0x0000000077FCE000-memory.dmp

Filesize
1.6MB

Download
memory/1328-132-0x0000000077E40000-0x0000000077FCE000-memory.dmp

Filesize
1.6MB

Download
memory/1328-133-0x0000000077E40000-0x0000000077FCE000-memory.dmp

Filesize
1.6MB

Download
memory/1328-134-0x0000000077E40000-0x0000000077FCE000-memory.dmp

Filesize
1.6MB

Download
memory/1328-135-0x0000000077E40000-0x0000000077FCE000-memory.dmp

Filesize
1.6MB

Download
memory/1328-136-0x0000000077E40000-0x0000000077FCE000-memory.dmp

Filesize
1.6MB

Download
memory/1328-137-0x0000000077E40000-0x0000000077FCE000-memory.dmp

Filesize
1.6MB

Download
memory/1328-138-0x0000000077E40000-0x0000000077FCE000-memory.dmp

Filesize
1.6MB

Download
memory/1328-139-0x0000000077E40000-0x0000000077FCE000-memory.dmp

Filesize
1.6MB

Download
memory/1328-141-0x0000000077E40000-0x0000000077FCE000-memory.dmp

Filesize
1.6MB

Download
memory/1328-142-0x0000000077E40000-0x0000000077FCE000-memory.dmp

Filesize
1.6MB

Download
memory/1328-140-0x0000000077E40000-0x0000000077FCE000-memory.dmp

Filesize
1.6MB

Download
memory/1328-143-0x0000000077E40000-0x0000000077FCE000-memory.dmp

Filesize
1.6MB

Download
memory/1328-144-0x00000000002A0000-0x00000000007BC000-memory.dmp

Filesize
5.1MB

Download