bumblebee | 8a5b34705c544355cc8834f42acd398835264e01e810d108c8c424b943174833 | Triage

Sharing

General

Target

e16f5225f9c9bbf0bc9ecac8a44623698825d044ca7a9933d1db0247524578e0.zip
Size

1.0MB
Sample

220611-qmz98sefan
MD5

9779b273523129fb6b276b1a77b81b55
SHA1

cc5e25b9c4e9548782e39f4319d123703d66fb2a
SHA256

8a5b34705c544355cc8834f42acd398835264e01e810d108c8c424b943174833
SHA512

79bb0167ad9d5321d932e98c21b18c71b9f7dc9cca8f3b94bfeece23b3fed9178bc83da4e8d11674ec0b83e0c209cd27c10fb7af5367756696f8c33a49897fbf

Score

10^/10

bumblebee vps1group

Malware Config

Extracted

Family

bumblebee

Botnet

VPS1GROUP

C2

23.82.19.208:443

Targets

- Target
  
  documents.dat
- Size
  
  2.2MB
- MD5
  
  038ee7283851af218aed10dbe36d6228
- SHA1
  
  528338d22582e5ca643eee6349b7a195034a82a9
- SHA256
  
  98a683da03eb03e9d3cfc3bf5710e487151511ca538fed8ced68a9aea096a6b5
- SHA512
  
  005e4f3c402890be61355983b134cf09b61f73d6955ca85b4e823ec0f67be5efba776c0880287d9e11ced09e38ac5c9ba1ee83dc5d56674e31322c07f016d69f
Score

8^/10
- Blocklisted process makes network request
behavioral1 behavioral2
- Target
  
  documents.lnk
- Size
  
  1KB
- MD5
  
  776ee291d7ec203375a439b14d5063cd
- SHA1
  
  65572b9e2a20e3fa04150aaab193d51a1a3f6233
- SHA256
  
  0f2a1a9dd34593f22f2db764d97dc70b8238b29ed824bf14af09463aa44b7820
- SHA512
  
  72164371bdf155192772b5567ad7ebbdd7ca65867c94571d2142f2243120d86748bd42d1e0538e09b33f1db435abe48273c7e5611605639ce36b8414f2481b58
Score

8^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

vps1groupbumblebee

behavioral1

behavioral2

behavioral3

behavioral4