fbfdc2c6f3d5576d236a010ee6b87edf61cfc06382acc9c5a1f4c3286a6b7378 | Triage

Submit
Reports

Overview

overview

7

Static

static

1

Bemaerke.exe

windows7-x64

7

Bemaerke.exe

windows10-2004-x64

7

Sharing

General

Target

Bemaerke.exe
Size

1.2MB
Sample

230330-jwddhadb6s
MD5

0f607ada4eb3397b1df8c14c3907e5e0
SHA1

9bdc3632f763b1f457d7911c66ad5dd549c46751
SHA256

fbfdc2c6f3d5576d236a010ee6b87edf61cfc06382acc9c5a1f4c3286a6b7378
SHA512

f505221e05557bd431c7f07c521cd6a76dc4346602134a2337240cba413cb89f659342508d0ac8105e9d9a88c475a4395b495e7c9f3ea95194222be559443155
SSDEEP

24576:nO/lnSVsiwc+fCSbU9GDJ+WXgsUOp6H1W5tp0UNJ8gc+8my:nunChibY9GDJHUOUVKtKU38X5my

Score

7^/10

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Bemaerke.exe

Resource

win7-20230220-en

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

Bemaerke.exe

Resource

win10v2004-20230220-en

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  Bemaerke.exe
- Size
  
  1.2MB
- MD5
  
  0f607ada4eb3397b1df8c14c3907e5e0
- SHA1
  
  9bdc3632f763b1f457d7911c66ad5dd549c46751
- SHA256
  
  fbfdc2c6f3d5576d236a010ee6b87edf61cfc06382acc9c5a1f4c3286a6b7378
- SHA512
  
  f505221e05557bd431c7f07c521cd6a76dc4346602134a2337240cba413cb89f659342508d0ac8105e9d9a88c475a4395b495e7c9f3ea95194222be559443155
- SSDEEP
  
  24576:nO/lnSVsiwc+fCSbU9GDJ+WXgsUOp6H1W5tp0UNJ8gc+8my:nunChibY9GDJHUOUVKtKU38X5my
Score

7^/10
- Checks QEMU agent file
  Checks presence of QEMU agent, possibly to detect virtualization.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy