bumblebee | cb1c7c35cb0842aa1aed8e8cfae6187b3b6ff57654e37284af7acf6cf91aa80c | Triage

Sharing

General

Target

7977246136.zip
Size

1.0MB
Sample

220915-md97asgdgl
MD5

6b8a5cf3ff3a58aff27ed6993591f3a5
SHA1

8f5f60c7d11bbe63f779c38ed2846c90e096872c
SHA256

cb1c7c35cb0842aa1aed8e8cfae6187b3b6ff57654e37284af7acf6cf91aa80c
SHA512

dfd91a21ccfd6d7f8cf62da894c73acd3622de601247894958f4105288de06165755a2e0451b1ad6727e4f80412a2ba442f08953c6f54689b065546f2fcd4c6c
SSDEEP

24576:Ondm1WyEoxCi16ozn7E7n0hOZo6xtLf7fYMYtnxL3:pEoxCi/E70A3Ff7fYR3

Score

10^/10

bumblebee vps2group

Malware Config

Extracted

Family

bumblebee

Botnet

VPS2GROUP

C2

23.81.246.187:443

Targets

- Target
  
  fba152136ccb3ab4af3ec88eebe02162e3159170f159343c59a40757a9599f9b
- Size
  
  2.3MB
- MD5
  
  0f80169429263a38ede804a8adba6037
- SHA1
  
  d271d783c27424db1cbbcfc6422eaf3360b2c86f
- SHA256
  
  fba152136ccb3ab4af3ec88eebe02162e3159170f159343c59a40757a9599f9b
- SHA512
  
  ecc9bd769b3894dc5f5e696a27f1a8d0db0a5ddd1100d034443befd39cf76baf0ba36d168ea8b5e722747a0dd71cad5809feb367fbe2667379a745690b5e4c56
- SSDEEP
  
  49152:/mxV8r49vGU/vrw/duhM6DRCQstcYIMkqPGyoWi:gzM6EQsGLMk1y1
Score

3^/10
behavioral1 behavioral2
- Target
  
  Attachments.lnk
- Size
  
  1KB
- MD5
  
  bc822d858adaf2632387e1683dec2c02
- SHA1
  
  603bbc383ad1aaf3be47db8686b584cf75055cc6
- SHA256
  
  870d9acb346f0d9699c09057b8d8f6782cd925873958974cfe47f6566d2da7cd
- SHA512
  
  adfa26f5517da1020398d037313f6d6e39a5f2cd3131a0f0cc13bc012886132d083bbc3873739fb9b376fa679a99cbe42a4498283c5afc3103ea613117c7029d
Score

8^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4
- Target
  
  disk.dat
- Size
  
  2.2MB
- MD5
  
  c02eea54f746c442e9906216f358573d
- SHA1
  
  7f734775d3ad5d9a31b6b04480cd10455090db4b
- SHA256
  
  1d145129e94aa5a7a57442ad69f058c84c958827697c27fc851c9e510e7cee21
- SHA512
  
  850577b2ba8adc29b6d1f32d6bba2a86d5d7282e15f233cbdcd5479ca27f41a101c01e553bb9636a700980313bb6377966f4a149827e3e860f71470c41b8781e
- SSDEEP
  
  49152:dmxV8r49vGU/vrw/duhM6DRCQstcYIMkqPGyoWi:6zM6EQsGLMk1y1
Score

8^/10
- Blocklisted process makes network request
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

vps2groupbumblebee

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6