General
-
Target
e16f5225f9c9bbf0bc9ecac8a44623698825d044ca7a9933d1db0247524578e0.zip
-
Size
1.0MB
-
Sample
220611-qmz98sefan
-
MD5
9779b273523129fb6b276b1a77b81b55
-
SHA1
cc5e25b9c4e9548782e39f4319d123703d66fb2a
-
SHA256
8a5b34705c544355cc8834f42acd398835264e01e810d108c8c424b943174833
-
SHA512
79bb0167ad9d5321d932e98c21b18c71b9f7dc9cca8f3b94bfeece23b3fed9178bc83da4e8d11674ec0b83e0c209cd27c10fb7af5367756696f8c33a49897fbf
Behavioral task
behavioral1
Sample
documents.dll
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
documents.dll
Resource
win10v2004-20220414-en
Behavioral task
behavioral3
Sample
documents.lnk
Resource
win7-20220414-en
Behavioral task
behavioral4
Sample
documents.lnk
Resource
win10v2004-20220414-en
Malware Config
Extracted
bumblebee
VPS1GROUP
23.82.19.208:443
Targets
-
Target
documents.dat
-
Size
2.2MB
-
MD5
038ee7283851af218aed10dbe36d6228
-
SHA1
528338d22582e5ca643eee6349b7a195034a82a9
-
SHA256
98a683da03eb03e9d3cfc3bf5710e487151511ca538fed8ced68a9aea096a6b5
-
SHA512
005e4f3c402890be61355983b134cf09b61f73d6955ca85b4e823ec0f67be5efba776c0880287d9e11ced09e38ac5c9ba1ee83dc5d56674e31322c07f016d69f
Score
8/10
-
Blocklisted process makes network request
-
Target
documents.lnk
-
Size
1KB
-
MD5
776ee291d7ec203375a439b14d5063cd
-
SHA1
65572b9e2a20e3fa04150aaab193d51a1a3f6233
-
SHA256
0f2a1a9dd34593f22f2db764d97dc70b8238b29ed824bf14af09463aa44b7820
-
SHA512
72164371bdf155192772b5567ad7ebbdd7ca65867c94571d2142f2243120d86748bd42d1e0538e09b33f1db435abe48273c7e5611605639ce36b8414f2481b58
Score
8/10
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-