General

  • Target

    melanin.dat

  • Size

    883KB

  • Sample

    221102-1frpmaeecn

  • MD5

    0b83e514d3242d00e43c13d04555c6b7

  • SHA1

    3d05b1005d36c70b7c4d9dc5ad3b4cb0455852f5

  • SHA256

    6b80e48540df747828128560214ad00c66c7e0a0ce4118e53214d498481fe549

  • SHA512

    e3e39bb21d5eab03ac703dfcd78782d8855b5ab07ff42b3bf8ed9f379663bbf52afd385ce609758e5ca96fc13f9026beeebfe9c1232c96663c3f6ac0285f1017

  • SSDEEP

    24576:78uGvxcSwLS6SI4N6bagH1LG2VrFXO8U5sE+dzXV/C8Q:AuGpk4+FdGurFXO8U5s1dTV/C

Score
10/10

Malware Config

Extracted

Family

bumblebee

Botnet

0211r

C2

193.109.120.156:443

192.111.146.184:443

104.219.233.113:443

rc4.plain

Targets

    • Target

      melanin.dat

    Score
    10/10
    • BumbleBee

      BumbleBee is a webshell malware written in C++.

    • Blocklisted process makes network request

    • Suspicious use of NtCreateThreadExHideFromDebugger
