nerbian | b3bf89c17580cab05931970666807dc24c18e6d22d86bfe83211ccdd86a0054a | Triage

Analysis

max time kernel
37s
max time network
46s
platform
windows7_x64
resource
win7-20220414-en
submitted
23-06-2022 08:12

Sharing

Report Analysis Logs

General

Target

MoUseCore.exe
Size

620.8MB
MD5

ed5c36d81655a1744c7a8f710ed4a497
SHA1

cc08e68ae40c0a524b05e4936db86480b72d6631
SHA256

192d5612ca93f86b198fa39f05e33edca60bca2bb198a8263e0edbdbeae97710
SHA512

187e0569199673b63f3de39c3b982534aa829dcaefdef40c1f818067a88915796bedd4e314e9f381afb4c8189035cd8f8dc0eae5bb3860a4c5bd3743c687268e

Score

10^/10

nerbian rat trojan upx

Malware Config

Signatures

Detect Nerbian RAT malware 2 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1784-54-0x0000000000A20000-0x0000000000F3C000-memory.dmp	family_nerbian
behavioral1/memory/1784-55-0x0000000000A20000-0x0000000000F3C000-memory.dmp	family_nerbian

Nerbian
Remote access trojan written in the Golang.
rat trojan nerbian

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
behavioral1/memory/1784-54-0x0000000000A20000-0x0000000000F3C000-memory.dmp	upx
behavioral1/memory/1784-55-0x0000000000A20000-0x0000000000F3C000-memory.dmp	upx

C:\Users\Admin\AppData\Local\Temp\MoUseCore.exe
"C:\Users\Admin\AppData\Local\Temp\MoUseCore.exe"
1⤵
PID:1784

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1784-54-0x0000000000A20000-0x0000000000F3C000-memory.dmp

Filesize
5.1MB

Download
memory/1784-55-0x0000000000A20000-0x0000000000F3C000-memory.dmp

Filesize
5.1MB

Download