bumblebee | 6483435f12ab4a0babe3abeda8511e1f00560f1e4482f30fa2ed32daf39c0be1 | Triage

Resubmissions

11/06/2022, 13:24

220611-qnd4dsahc7 10

21/03/2022, 08:31

220321-keregaaec3 7

Sharing

General

Target

BUMBLEBEE ISO.iso
Size

2.2MB
Sample

220611-qnd4dsahc7
MD5

df34f23037c5dc05c2f03513928b4b97
SHA1

9b107dd8a2d34819bd94dfcc1bb65a0106a95660
SHA256

6483435f12ab4a0babe3abeda8511e1f00560f1e4482f30fa2ed32daf39c0be1
SHA512

ad244d2cf8704206ac7fa054f2390b338aa6109751b702bbdfc8301dd7fbd6eba1a922cae34464663518db90c3a9aad6d45ceff9fb020896c71c2764df7ab060

Score

10^/10

bumblebee vps2g

Malware Config

Extracted

Family

bumblebee

Botnet

VPS2G

C2

23.81.246.187:443

Targets

- Target
  
  documents.lnk
- Size
  
  1KB
- MD5
  
  813dd41c91bb43332482ad5c0857a8d7
- SHA1
  
  5dfa29b64941d86e05be9d99b881dec1fb8338f4
- SHA256
  
  b953d0b1efb9719f79954788480235b8eccb84b13c5d373969fa3a03aabef788
- SHA512
  
  72536d2787db0cef94aab6088865b5ddaf351330306ba860179a7dbe7a70ca9d6e9d8e88821e4078cbe9ad3e736c758f26758cf7e8a9df7dc12d76df6b124058
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2
- Target
  
  sysmon64.exe
- Size
  
  2.1MB
- MD5
  
  0e0ab8f346dcf205639397928f854cae
- SHA1
  
  5d560a6e5d35bbe151d4ec8ce329f295443acce7
- SHA256
  
  9f35ac95864daf736de1471babe756a11fedd297379892375689fd97c9322344
- SHA512
  
  fc232e7e7d63aa8f018223cd92e8a980360b32afe82fecabac921fdbf7b1260893e32a28cd090ae8d17e562c8a08756a9e839e2666c18fb16a1f0812fb3d0a84
Score

1^/10
behavioral3 behavioral4

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4