berbew | 12d16a39692f19c150cb529e48d8c61bb238d20979337f13e8429a15c3e2da73 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

NEAS.5001d...d0.exe

windows7-x64

NEAS.5001d...d0.exe

windows10-2004-x64

Sharing

General

Target

NEAS.5001d911ca38168edabf518b6478f1d0.exe
Size

161KB
Sample

231104-kndvqsgb98
MD5

5001d911ca38168edabf518b6478f1d0
SHA1

589ee1c5d5a1a2bf9ccf4e675ea66a8dd5373973
SHA256

12d16a39692f19c150cb529e48d8c61bb238d20979337f13e8429a15c3e2da73
SHA512

c0d1816211a874b7044bc2410100d71525f2e4e4a5842d358d654ca3bf18f87de1c111a4f24162f8fb4d0b68c9ad15729a677b39b50868809b7accf5e7e7da84
SSDEEP

3072:lhOmTsF93UYfwC6GIoutacudmVS3BLp3BqDH6lPqZDvC7TtTGeS07EfnsJ:lcm4FmowdHoSavdmk3Rp38L6l6kRSmE8

Score

10^/10

berbew blackmoon banker dropper persistence trojan upx

Static task

static1

upx persistence dropper trojan berbew

4 signatures

Behavioral task

behavioral1

Sample

NEAS.5001d911ca38168edabf518b6478f1d0.exe

Resource

win7-20231025-en

blackmoon banker dropper persistence trojan upx

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

NEAS.5001d911ca38168edabf518b6478f1d0.exe

Resource

win10v2004-20231025-en

blackmoon banker dropper persistence trojan upx

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  NEAS.5001d911ca38168edabf518b6478f1d0.exe
- Size
  
  161KB
- MD5
  
  5001d911ca38168edabf518b6478f1d0
- SHA1
  
  589ee1c5d5a1a2bf9ccf4e675ea66a8dd5373973
- SHA256
  
  12d16a39692f19c150cb529e48d8c61bb238d20979337f13e8429a15c3e2da73
- SHA512
  
  c0d1816211a874b7044bc2410100d71525f2e4e4a5842d358d654ca3bf18f87de1c111a4f24162f8fb4d0b68c9ad15729a677b39b50868809b7accf5e7e7da84
- SSDEEP
  
  3072:lhOmTsF93UYfwC6GIoutacudmVS3BLp3BqDH6lPqZDvC7TtTGeS07EfnsJ:lcm4FmowdHoSavdmk3Rp38L6l6kRSmE8
Score

10^/10

blackmoon banker dropper persistence trojan upx
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- Malware Backdoor - Berbew
  Berbew is a malware infection classified as a 'backdoor' Trojan. This malicious program's primary function is to cause chain infections - it can download/install additional malware such as other Trojans, ransomware, and cryptominers.
  persistence dropper trojan
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

upxpersistencedroppertrojanberbew

behavioral1

blackmoonbankerdropperpersistencetrojanupx

behavioral2

blackmoonbankerdropperpersistencetrojanupx

© 2018-2025

Terms | Privacy