General

  • Target

    cisco2.ps1

  • Size

    2.2MB

  • Sample

    230302-w3wvmseb85

  • MD5

    7708f4d0a27fcb9a315e0e2b9fa24248

  • SHA1

    498ac3d0ddf4b19f6f7d3dacf03c4e2fbf8f993b

  • SHA256

    0afe02415b9523c9f840be11d9561d1c07b41ac1f7b803b7112608ae8db29950

  • SHA512

    af6b285e63c9c3db98d35492ff03ec08196c859f508834fc39d6b76283447f493bc721dfa15a2ad777c6e8547ade639f9379ac1cefa54e226096fb0aa4956f54

  • SSDEEP

    24576:rsxT2KAWU1N5BWAdTfrOqluXAxXgo0TEYKoDcF/mUCXy0wxG/uD3:whAlf5BHF/gfha/FFT

Malware Config

Extracted

Family

bumblebee

rc4.plain

Extracted

Family

bumblebee

Botnet

cisc117

C2

172.93.193.3:443

23.81.246.22:443

95.168.191.134:443

104.168.175.78:443

172.93.193.46:443

157.254.194.104:443

37.28.157.29:443

23.106.124.23:443

194.135.33.182:443

54.38.139.94:443

192.119.65.175:443

107.189.8.58:443

205.185.114.241:443

104.168.171.159:443

103.144.139.159:443

91.206.178.204:443

198.98.58.184:443

172.241.27.120:443

23.106.223.197:443

23.108.57.83:443

rc4.plain
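The extracted config above is the actionable part of this report: twenty C2 endpoints, all on TCP 443, tied to botnet ID cisc117 (the RC4 key value is not reproduced on this page). The following is an added example, not Triage's or the BumbleBee operators' code, showing how a SOC would consume that list: parse it with validation, match it against network telemetry, and turn it into IDS rules. The Zeek conn.log-style records and the Suricata SID range are constructed for illustration.

```python
"""Turn the extracted BumbleBee config into something a SOC can act on.

Added example (not Triage's or the BumbleBee authors' code): parses the
C2 list from the report, matches it against constructed Zeek conn.log-style
records, and emits Suricata rules. Log lines and SIDs are made up.
"""
import re
from dataclasses import dataclass
from typing import List, Set, Tuple

# C2 endpoints exactly as listed in the extracted config (botnet cisc117).
C2_CONFIG = """
172.93.193.3:443
23.81.246.22:443
95.168.191.134:443
104.168.175.78:443
172.93.193.46:443
157.254.194.104:443
37.28.157.29:443
23.106.124.23:443
194.135.33.182:443
54.38.139.94:443
192.119.65.175:443
107.189.8.58:443
205.185.114.241:443
104.168.171.159:443
103.144.139.159:443
91.206.178.204:443
198.98.58.184:443
172.241.27.120:443
23.106.223.197:443
23.108.57.83:443
"""

ENDPOINT_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})$")


def parse_c2_list(config_text: str) -> Set[Tuple[str, int]]:
    """Parse 'ip:port' lines, rejecting anything that is not a valid IPv4 endpoint."""
    endpoints = set()
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENDPOINT_RE.match(line)
        if not m:
            raise ValueError(f"unexpected C2 entry: {line!r}")
        ip, port = m.group(1), int(m.group(2))
        if any(int(octet) > 255 for octet in ip.split(".")) or not 0 < port < 65536:
            raise ValueError(f"out-of-range endpoint: {line!r}")
        endpoints.add((ip, port))
    return endpoints


# Constructed Zeek conn.log-style records (tab-separated):
# ts, uid, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto.  Not real traffic.
CONN_LOG = """\
1677773001.123\tCabc1\t10.0.0.15\t51234\t172.93.193.3\t443\ttcp
1677773002.456\tCabc2\t10.0.0.15\t51235\t142.250.74.46\t443\ttcp
1677773003.789\tCabc3\t10.0.0.21\t51236\t23.108.57.83\t443\ttcp
1677773004.000\tCabc4\t10.0.0.21\t51237\t23.108.57.83\t8443\ttcp
"""


@dataclass(frozen=True)
class Hit:
    uid: str
    src: str
    dst: str
    dport: int


def match_conn_log(log_text: str, c2: Set[Tuple[str, int]], ip_only: bool = False) -> List[Hit]:
    """Return connections whose responder matches a C2 endpoint.

    With ip_only=True the port is ignored: this catches a C2 host re-tasked to
    another port, at the cost of more false positives on shared hosting.
    """
    c2_ips = {ip for ip, _ in c2}
    hits = []
    for line in log_text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split("\t")
        if len(fields) < 7:
            continue
        _ts, uid, src, _sport, dst, dport, _proto = fields[:7]
        dport = int(dport)
        if (dst, dport) in c2 or (ip_only and dst in c2_ips):
            hits.append(Hit(uid, src, dst, dport))
    return hits


def suricata_rules(c2: Set[Tuple[str, int]], base_sid: int, botnet: str = "cisc117") -> List[str]:
    """Emit one Suricata rule per C2 endpoint; SIDs start at base_sid (hypothetical range)."""
    rules = []
    for i, (ip, port) in enumerate(sorted(c2)):
        rules.append(
            f"alert tcp $HOME_NET any -> {ip} {port} "
            f'(msg:"BumbleBee C2 {botnet} {ip}:{port}"; flow:to_server; '
            f"sid:{base_sid + i}; rev:1;)"
        )
    return rules


if __name__ == "__main__":
    c2 = parse_c2_list(C2_CONFIG)
    for hit in match_conn_log(CONN_LOG, c2):
        print(f"C2 hit: {hit.src} -> {hit.dst}:{hit.dport} ({hit.uid})")
    print("\n".join(suricata_rules(c2, base_sid=9000000)))
```

Matching on the full ip:port pair is the conservative default because the config pins every endpoint to 443; the ip_only switch exists because BumbleBee infrastructure is commonly reused, and a connection to one of these hosts on any port is still worth a look.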

Targets

    • Target

      cisco2.ps1

    • BumbleBee

      BumbleBee is a malware loader written in C++, here delivered via a PowerShell script; its RC4-encrypted configuration carries a botnet (group) ID and a list of C2 endpoints on port 443, which is what the extracted config above shows.

    • Blocklisted process makes network request

    • Suspicious use of NtCreateThreadExHideFromDebugger (a thread created with THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER, so an attached debugger receives no events for it; an anti-analysis technique)
