bumblebee | 551e945aab00037fdf30f235390454d0fa11c2abb8802b5397c61d0225137a3e | Triage

Sharing

General

Target

tamit.zip
Size

313KB
Sample

220612-tqwm1abee5
MD5

4544ba8f3f39d37efa5f89774bea3ab4
SHA1

97cc87a81b1dadeda921d558c7efa573b4aa1970
SHA256

551e945aab00037fdf30f235390454d0fa11c2abb8802b5397c61d0225137a3e
SHA512

e2aa841549b672f9050baf46121177972cc347f162843da885afde405a40792a14ab09ddb2671446a67a29e6b7af188440546b3c45062a4bb3639cdda5fa093d

Score

10^/10

bumblebee 1805r

Malware Config

Extracted

Family

bumblebee

Botnet

1805r

C2

185.62.56.201:443

103.175.16.59:443

198.98.57.91:443

rc4.plain

Targets

- Target
  
  tamit/replay.dll
- Size
  
  800KB
- MD5
  
  649f762db2b0a79669c12fa5c4b94aba
- SHA1
  
  6d97f567edb3491586a132ea4c3ca7ffe6b9a701
- SHA256
  
  3a2112ed78bbec16929d9f39aca09efe2eb44abb80bbfa765e451a87aef84a99
- SHA512
  
  8786011822ac0199c6e005a8e250593b86e44e0183e9f4b9ff01063f9461838b2e8d3ff13fe69a10954e10494fac67c8c45320469a290d6e2a2ba0f33ce3b43b
Score

1^/10
behavioral1 behavioral2
- Target
  
  tamit/replay.lnk
- Size
  
  1KB
- MD5
  
  61cd98f27ff508bc3cbd1c170433e124
- SHA1
  
  8da65cee30058238bf40f6a37d9352cb0aeb3a19
- SHA256
  
  30d4b41def9a6295cc68f4cf87d7a085bca02f0a3f5826efa6891dd3a3b44e95
- SHA512
  
  578e00495f5604dc692678682e559c3e5f18a9b399a184e5df2f9bbd16518657245737084ae80fefbd3b487b44941ee95a9543c72264615cfc9330091ad5878a
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4