Overview

overview

10

Static

static

1

AdobePDFRe...9).msi

windows7-x64

7

AdobePDFRe...9).msi

windows10-2004-x64

10

Resubmissions

09-10-2023 22:51

231009-2syt5sba42 10

26-04-2023 10:03

230426-l3jvzaae4s 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    AdobePDFReader (9).msi

  • Size

    2.2MB

  • Sample

    230426-l3jvzaae4s

  • MD5

    fadc9824c68402143239f764c99bb82d

  • SHA1

    7eb72321c2c1e25b11c9d44229af22a179e27ce8

  • SHA256

    9890ae69f0a31a5656dbebce11384a70820ac49cabe9b244dfb8a5ed22617ff5

  • SHA512

    916b9b9836d5003193cf4f52c501a90ba16f18ca13a05325f9e11a6ee9d05b927013c09524757f33efd153c0e1d25648233e79f9a8eaa81fd69ed79282268ef6

  • SSDEEP

    49152:NMU9FgsN+TXYr+LrUcdEL9MklhGUWhe8u/g1PQNPEUI:6gFPgYrordG9t0lepg1P2XI

Score
10/10
bumblebeead2404trojan

Malware Config

Extracted

Family

bumblebee

Botnet

ad2404

C2

149.3.170.185:443

23.108.57.117:443

199.195.249.67:443

103.175.16.149:443

209.141.58.129:443

192.254.79.106:443
rc4.plain

Targets

    • Target

      AdobePDFReader (9).msi

    • Size

      2.2MB

    • MD5

      fadc9824c68402143239f764c99bb82d

    • SHA1

      7eb72321c2c1e25b11c9d44229af22a179e27ce8

    • SHA256

      9890ae69f0a31a5656dbebce11384a70820ac49cabe9b244dfb8a5ed22617ff5

    • SHA512

      916b9b9836d5003193cf4f52c501a90ba16f18ca13a05325f9e11a6ee9d05b927013c09524757f33efd153c0e1d25648233e79f9a8eaa81fd69ed79282268ef6

    • SSDEEP

      49152:NMU9FgsN+TXYr+LrUcdEL9MklhGUWhe8u/g1PQNPEUI:6gFPgYrordG9t0lepg1P2XI

    Score
    10/10
    bumblebeead2404trojan

    • BumbleBee

      BumbleBee is a webshell malware written in C++.

      trojanbumblebee

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of NtCreateThreadExHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks