berbew | 4b18b31b36c3669d08664ad9770236c41eef694171955f4ec6220c189568153a | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

NEAS.c5059...30.exe

windows7-x64

NEAS.c5059...30.exe

windows10-2004-x64

Sharing

General

Target

NEAS.c505926f54da1d6777bbadc29f3b2530.exe
Size

480KB
Sample

231101-jpwlhace5t
MD5

c505926f54da1d6777bbadc29f3b2530
SHA1

9138f5fd82e6480ee96349d3bc62ce6ee8a1176e
SHA256

4b18b31b36c3669d08664ad9770236c41eef694171955f4ec6220c189568153a
SHA512

b2d1133d553e94a5c81321bd6db0d9ab392fb031823556c1afdc3220a4790ecf03a14802039790dd077cec4dbfc54a9337a10fdf323da374c45a31c3937df04b
SSDEEP

12288:N4wFHoSMu49P9mPh2kkkkK4kXkkkkkkkkl888888888888888888nl:Cu49lmPh2kkkkK4kXkkkkkkkk3

Score

10^/10

berbew blackmoon banker dropper persistence trojan upx

Static task

static1

upx persistence dropper trojan berbew

4 signatures

Behavioral task

behavioral1

Sample

NEAS.c505926f54da1d6777bbadc29f3b2530.exe

Resource

win7-20231020-en

blackmoon banker dropper persistence trojan upx

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

NEAS.c505926f54da1d6777bbadc29f3b2530.exe

Resource

win10v2004-20231023-en

blackmoon banker dropper persistence trojan upx

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  NEAS.c505926f54da1d6777bbadc29f3b2530.exe
- Size
  
  480KB
- MD5
  
  c505926f54da1d6777bbadc29f3b2530
- SHA1
  
  9138f5fd82e6480ee96349d3bc62ce6ee8a1176e
- SHA256
  
  4b18b31b36c3669d08664ad9770236c41eef694171955f4ec6220c189568153a
- SHA512
  
  b2d1133d553e94a5c81321bd6db0d9ab392fb031823556c1afdc3220a4790ecf03a14802039790dd077cec4dbfc54a9337a10fdf323da374c45a31c3937df04b
- SSDEEP
  
  12288:N4wFHoSMu49P9mPh2kkkkK4kXkkkkkkkkl888888888888888888nl:Cu49lmPh2kkkkK4kXkkkkkkkk3
Score

10^/10

blackmoon banker dropper persistence trojan upx
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- Malware Backdoor - Berbew
  Berbew is a malware infection classified as a 'backdoor' Trojan. This malicious program's primary function is to cause chain infections - it can download/install additional malware such as other Trojans, ransomware, and cryptominers.
  persistence dropper trojan
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

upxpersistencedroppertrojanberbew

behavioral1

blackmoonbankerdropperpersistencetrojanupx

behavioral2

blackmoonbankerdropperpersistencetrojanupx

© 2018-2025

Terms | Privacy