bumblebee | 6e8068da509a8c2d2672a67f7b876fb0e67729e3d907cd2ec493e3e099b12a57 | Triage

Sharing

General

Target

7439706138.zip
Size

1.0MB
Sample

220520-gjbm2acfg6
MD5

4f4ea76c739c00e30282a391c75a8992
SHA1

72a8f2f420b0da1f5f81543779f751d33bf8b86a
SHA256

6e8068da509a8c2d2672a67f7b876fb0e67729e3d907cd2ec493e3e099b12a57
SHA512

881b2781bc2bd7e16a29ded8eaebe8e9f20b4db0c25981fa746e131e584c84c68ddef3c51e75288bfca22f4eb2dfa2d92d37c96ab20358694397902a9c1aecf0

Score

10^/10

bumblebee vps1group

Malware Config

Extracted

Family

bumblebee

Botnet

VPS1GROUP

C2

23.82.19.208:443

Targets

- Target
  
  Attachments.dat
- Size
  
  2.2MB
- MD5
  
  e6a046d1baa7cd2100bdf48102b8a144
- SHA1
  
  a7838aa4f42c95ee245f9b62d2c894a4c2067894
- SHA256
  
  08cd6983f183ef65eabd073c01f137a913282504e2502ac34a1be3e599ac386b
- SHA512
  
  3d7cad15f9577926af9ee100d71fbf50a9f70c681d4735836a668b83828c97e63e514e78c9b64b2f328ae352a852d6e4053413888342d16196652c7d6283d242
Score

8^/10
- Blocklisted process makes network request
behavioral1 behavioral2
- Target
  
  Attachments.lnk
- Size
  
  1KB
- MD5
  
  cac3161c21fc24e8530ad189835f7d68
- SHA1
  
  f58e9d6ade2e933bb379ce5fb44e0fa4c598ba63
- SHA256
  
  96a0a7ee73984d9a2ed785ff822d090549769c16feed09d31322d9a36f53f856
- SHA512
  
  f961379e0d9085911f0dcee94521ded6aab34babb9ab824db221256d3f73bcbcab7795ddf26f5d11c80a7e15948c68241fab2e83ad2e678088045d65528e9a41
Score

8^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

vps1groupbumblebee

behavioral1

behavioral2

behavioral3

behavioral4