Analysis

  • max time kernel
    120s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231025-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231025-en, locale:en-us, os:windows7-x64, system
  • submitted
    10-11-2023 09:36

General

  • Target

    Requested_Documents_SEPTEMBER2023.pdf .exe

  • Size

    795KB

  • MD5

    5ed850cfe3074a397566cf6d2191f5b1

  • SHA1

    30f902bcc7f367da34cc976d92ebc942532f0686

  • SHA256

    3da6854b3feb71c69d667b654622b1760fcb7fef519fdb78fbcbeb4b1c094e76

  • SHA512

    58c7a3073b808587e3e0664ac8075535642f5bae726f96406f8b3ed053b928c018dd96dffc4e385088ba90a22923a37bbda3955f1f8f14ac4e0017158d77546e

  • SSDEEP

    24576:KRYVIX91rfc2BGkuDIJlg4SQABWPeEzTX:+Skng4S05H

Malware Config

Extracted

Family

bumblebee

Botnet

rar0409

Attributes
  • dga

    cmid1s1zeiu.life

    itszko2ot5u.life

    3v1n35i5kwx.life

    newdnq1xnl9.life

    jkyj6awt1ao.life

    ddrjv6y42b8.life

    1pnhp5o5za1.life

    y13iqvlfjl5.life

    xp0btfgegbo.life

    gpv3uw5tmy4.life

    5d7rdf3layn.life

    2aed6bvquxs.life

    5t9oknzu433.life

    sy53gmpuq1i.life

    09cwff8wgdh.life

    4elhq2521mw.life

    b4arp834sch.life

    s3iug4uiy7t.life

    q1cvhi9onpu.life

    m3j4htyodnu.life

    dzzrhn9rvqa.life

    uriqas6zede.life

    tv45x1ukt9w.life

    9dnuk0xl7yc.life

    zro95b8zb3r.life

    9da1kshoyuq.life

    zph13yx1leo.life

    0q6mvuo4wl6.life

    nyoqtkpub9x.life

    l1bnym8lg65.life

  • dga_seed

    TEST_SEE

  • domain_length

    11

  • num_dga_domains

    100

  • port

    443

rc4.plain
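The extracted config above gives a defender two usable artefacts: the 30 listed DGA domains (exact indicators) and the generation parameters (domain_length 11, 100 domains, all under .life), which describe the shape of the 70 domains the page does not list. The script below is an added example, not part of this sandbox report, that runs both over DNS resolver logs: an exact match is treated as a confirmed indicator, while an 11-character alphanumeric label under .life is flagged as DGA-shaped only. The log line format and the sample lines are constructed for the demonstration; the shape regex is derived from the listed domains, not from Bumblebee's actual generation algorithm, and should be tuned before production use.

```python
import re
from collections import Counter

# Indicator set: the 30 DGA domains listed in the extracted Bumblebee config above
# (the config says 100 domains are generated; only these 30 are shown on the page).
DGA_DOMAINS = frozenset({
    "cmid1s1zeiu.life", "itszko2ot5u.life", "3v1n35i5kwx.life", "newdnq1xnl9.life",
    "jkyj6awt1ao.life", "ddrjv6y42b8.life", "1pnhp5o5za1.life", "y13iqvlfjl5.life",
    "xp0btfgegbo.life", "gpv3uw5tmy4.life", "5d7rdf3layn.life", "2aed6bvquxs.life",
    "5t9oknzu433.life", "sy53gmpuq1i.life", "09cwff8wgdh.life", "4elhq2521mw.life",
    "b4arp834sch.life", "s3iug4uiy7t.life", "q1cvhi9onpu.life", "m3j4htyodnu.life",
    "dzzrhn9rvqa.life", "uriqas6zede.life", "tv45x1ukt9w.life", "9dnuk0xl7yc.life",
    "zro95b8zb3r.life", "9da1kshoyuq.life", "zph13yx1leo.life", "0q6mvuo4wl6.life",
    "nyoqtkpub9x.life", "l1bnym8lg65.life",
})

DOMAIN_LENGTH = 11   # domain_length from the extracted config
C2_PORT = 443        # port from the extracted config (C2 is expected over TLS)

# Shape heuristic for the unlisted domains: DOMAIN_LENGTH lowercase alphanumerics
# directly under .life. Derived from the listed domains, NOT from the malware's
# generation algorithm, so it is a weaker signal than an exact match.
DGA_SHAPE = re.compile(r"^[a-z0-9]{%d}\.life$" % DOMAIN_LENGTH)

# Constructed log format (assumption): "<ts> client=<ip> qname=<name> qtype=<type>".
QUERY_RE = re.compile(r"client=(?P<client>\S+)\s+qname=(?P<qname>\S+)")


def classify_qname(qname: str) -> str:
    """Return 'known_dga', 'dga_shape' or 'benign' for one DNS query name."""
    name = qname.rstrip(".").lower()   # normalise trailing FQDN dot and case
    if name in DGA_DOMAINS:
        return "known_dga"
    if DGA_SHAPE.match(name):
        return "dga_shape"
    return "benign"


def triage_dns_log(lines):
    """Return (client, qname, verdict) for every parseable query that is not benign."""
    hits = []
    for line in lines:
        m = QUERY_RE.search(line)
        if not m:
            continue   # skip lines that do not carry a query
        verdict = classify_qname(m["qname"])
        if verdict != "benign":
            hits.append((m["client"], m["qname"].rstrip(".").lower(), verdict))
    return hits


def hosts_to_isolate(hits):
    """Clients with at least one exact indicator match, most hits first."""
    counts = Counter(client for client, _, verdict in hits if verdict == "known_dga")
    return [client for client, _ in counts.most_common()]


# Constructed sample log lines for demonstration; not captured from the sandbox run.
SAMPLE_LOG = [
    "2023-11-10T09:37:01Z client=10.0.0.12 qname=cmid1s1zeiu.life. qtype=A",
    "2023-11-10T09:37:02Z client=10.0.0.12 qname=www.microsoft.com qtype=A",
    "2023-11-10T09:37:05Z client=10.0.0.12 qname=9DA1KSHOYUQ.LIFE qtype=A",
    "2023-11-10T09:37:09Z client=10.0.0.44 qname=abc12def345.life qtype=A",
    "2023-11-10T09:37:10Z client=10.0.0.44 qname=health.life qtype=A",
    "2023-11-10T09:37:11Z hostname=dns01 message=zone transfer complete",
]

if __name__ == "__main__":
    hits = triage_dns_log(SAMPLE_LOG)
    for client, qname, verdict in hits:
        print(f"{client:12} {qname:20} {verdict}")
    print("isolate:", hosts_to_isolate(hits))
```

Only exact matches feed the isolation list; a dga_shape hit is a hunting lead (a legitimate 11-character .life registration is possible), and for a full sweep the resolver logs should also be checked for outbound connections to the resolved addresses on port 443.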

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\Requested_Documents_SEPTEMBER2023.pdf .exe
    "C:\Users\Admin\AppData\Local\Temp\Requested_Documents_SEPTEMBER2023.pdf .exe"
      PID:2944

    Network

    MITRE ATT&CK Matrix


    Downloads

    • memory/2944-0-0x0000000000380000-0x00000000003FA000-memory.dmp

      Filesize

      488KB

    • memory/2944-1-0x0000000000500000-0x0000000000607000-memory.dmp

      Filesize

      1.0MB

    • memory/2944-2-0x0000000000500000-0x0000000000607000-memory.dmp

      Filesize

      1.0MB