General

  • Target

    files.zip

  • Size

    687KB

  • Sample

    221117-c58sfade63

  • MD5

    330ecf8b86b729b4c7c3cf1556739db3

  • SHA1

    dd1655ee02d97110496eadf18997412fa9dbeaad

  • SHA256

    12df68306288f11609ff1b5cac904fcaeab3f5561bcbf0f09c2bf439c6daeadc

  • SHA512

    67c413868ea103c7a537fc76ea585fd790fbf517f1aec0251f563fddc1adf2daee7896fee25850f3403f133112f1fc2451b6cddacefaf5ae520e28930c20d260

  • SSDEEP

    12288:UO3vAFIFP1pZG5tf+d6RToVXUWvZcmu0zpHG1JC9Luq2wiRXkWm3bXc9t7XwBB6E:UOo2tLGH+GTEXUWv11z1AJkuAihuX8tU

Score
10/10

Malware Config

Extracted

Family

bumblebee

Botnet

15repl

C2

23.108.57.200:443

103.144.139.158:443

23.106.160.52:443

rc4.plain
1
eCUmnQerTx

Targets

    • Target

      TdndchBWGClEyG.dll

    • Size

      836KB

    • MD5

      4ec372d945f4279858d8ed93a83154b8

    • SHA1

      8c1818a64979a128808c971f5d66702fdf964660

    • SHA256

      8533d14d0d29dc3534591363aab48c0857f855a416855042de18fc428a9adeb6

    • SHA512

      8b5725b16875c372522a41ec9ef8839ccc45a3d4840176bab6bd527a4cac85490407fb8ccb8226f5b8be610127bc573ddd40872246ab4a72c85016089d25ecd3

    • SSDEEP

      12288:EjFKLyV6iAV2xGu8AcsufT43mFdWOhV5dP4nODbBYRjRYBmCkvLBxa1FiTCci1JZ:EjFKOVBA/u8jPT2pOgOmpxndx3TCc

    Score
    10/10
    • BumbleBee

      BumbleBee is a webshell malware written in C++.

    • Blocklisted process makes network request

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Target

      required documents.lnk

    • Size

      995B

    • MD5

      32718d69a0919473c89e529b04a7cd38

    • SHA1

      d0c4c19cf77676d2827e9b9596796583d95dce37

    • SHA256

      d3c9dc14d8396686cb3c12b1a483ca30943d731f733614fda85e1039bff611c5

    • SHA512

      b1119c69fb1c1205250a10ab4893072b4ed45f38f5b0af9fdfa8a6c442f738571cd09b5767345ce47414681475bd9e57fc1526185493c9c30cb8311c96e2c4ba

    Score
    10/10
    • BumbleBee

      BumbleBee is a webshell malware written in C++.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Target

      wabPTLAqdTmbJu.bat

    • Size

      1KB

    • MD5

      9cf24d2ca62c63bf523c2ec835a26e9f

    • SHA1

      6e665d29117d318abf8318beaac265818ee990c3

    • SHA256

      9e847e0113ee63ea0bbb3e873a5a33013b45a249fb734a50bf16df986f9cfe4d

    • SHA512

      0b19e3460218c43aa00c6244cc34aa6bf786e5157db61e7d5df1adb506cd6606c163b2c6392bc84129c16daa2eb74f8d3d32e769ca5d404807f2464cab3be5d1

    Score
    10/10
    • BumbleBee

      BumbleBee is a webshell malware written in C++.

    • Blocklisted process makes network request

    • Suspicious use of NtCreateThreadExHideFromDebugger

MITRE ATT&CK Enterprise v6
