bumblebee | 3da6854b3feb71c69d667b654622b1760fcb7fef519fdb78fbcbeb4b1c094e76

General

Target

Requested_Documents_SEPTEMBER2023.pdf .exe
Size

795KB
MD5

5ed850cfe3074a397566cf6d2191f5b1
SHA1

30f902bcc7f367da34cc976d92ebc942532f0686
SHA256

3da6854b3feb71c69d667b654622b1760fcb7fef519fdb78fbcbeb4b1c094e76
SHA512

58c7a3073b808587e3e0664ac8075535642f5bae726f96406f8b3ed053b928c018dd96dffc4e385088ba90a22923a37bbda3955f1f8f14ac4e0017158d77546e
SSDEEP

24576:KRYVIX91rfc2BGkuDIJlg4SQABWPeEzTX:+Skng4S05H

Score

10^/10

bumblebee rar0409 loader

Malware Config

Extracted

Family

bumblebee

Botnet

rar0409

Attributes

dga
cmid1s1zeiu.life

itszko2ot5u.life

3v1n35i5kwx.life

newdnq1xnl9.life

jkyj6awt1ao.life

ddrjv6y42b8.life

1pnhp5o5za1.life

y13iqvlfjl5.life

xp0btfgegbo.life

gpv3uw5tmy4.life

5d7rdf3layn.life

2aed6bvquxs.life

5t9oknzu433.life

sy53gmpuq1i.life

09cwff8wgdh.life

4elhq2521mw.life

b4arp834sch.life

s3iug4uiy7t.life

q1cvhi9onpu.life

m3j4htyodnu.life

dzzrhn9rvqa.life

uriqas6zede.life

tv45x1ukt9w.life

9dnuk0xl7yc.life

zro95b8zb3r.life

9da1kshoyuq.life

zph13yx1leo.life

0q6mvuo4wl6.life

nyoqtkpub9x.life

l1bnym8lg65.life

d63hq5crsun.life

f4te7v7fi28.life

oi27t509pny.life

xg2mddk9qrj.life

9uknixukwim.life

5ejt5qpx2oh.life

v9y5rypfhdj.life

aq59tsppo18.life

vdnizm8lcke.life

knof8y1kufn.life

mhwv3bpckbi.life

b4ycw3b0ztx.life

tu0t62osn5m.life

pkgbfa9ati6.life

wd60v3x8mun.life

qpgomg0nfob.life

9619skmuswk.life

10fa4glizbq.life

h9cgsquxt5t.life

cpjeg06jqj7.life

tuaksrh3m4v.life

pnkk456mk55.life

bryfg80da8m.life

4c9takty1zx.life

17afrof66rf.life

keoauupcj2n.life

okxar0c3d29.life

759lhww6ixh.life

br40ztd8bya.life

vdug3t5r2cz.life

6j0uqybrqj4.life

km87l2nqldk.life

d421obfpnmh.life

hsk3pjutatd.life

iudmgiv2ndb.life

vf9bknmns0b.life

325g1cipn4m.life

g3z3h2xzdfv.life

i4hmyqc1p69.life

r967duebyji.life

f83jeqe01vd.life

sbprbiukvhf.life

lc2q21q7nd4.life

co7hu2019oy.life

ue9panfagh0.life

fby66hp7jm0.life

njg6qfp2lfa.life

mb1hy4vi0q7.life

7jemrghylwb.life

yxz60ai05jv.life

v68i3v975xq.life

67xsof7l8ak.life

q886dsegew3.life

16nqnk7hvgs.life

we5x2dfevhn.life

88kwlc3k73o.life

p2xo397h86f.life

njljnzf5c20.life

2g6py8d93tm.life

dz8bw5q6jy2.life

gflfug3a9lb.life

rssaelatar7.life

35l9tvici4l.life

lqhjkq5lfiu.life

3t3qouhmhww.life

fuwisezq1sl.life

ibm2bld58ah.life

h02pknjmc6v.life

enenfxgn3fh.life

zcf8nrpzrqk.life
dga_seed
TEST_SEE
domain_length
11
num_dga_domains
100
port
443

rc4.plain

Signatures

BumbleBee
BumbleBee is a loader malware written in C++.
loader bumblebee

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	4644	svchost.exe

C:\Users\Admin\AppData\Local\Temp\Requested_Documents_SEPTEMBER2023.pdf .exe
"C:\Users\Admin\AppData\Local\Temp\Requested_Documents_SEPTEMBER2023.pdf .exe"
1⤵
PID:4400

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:2140

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4644

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.jfm

Filesize
16KB

MD5
e5dc7b47dbae0cc7f83c10bff06f1a8b

SHA1
c1707b0d087df8197d050a7963d46b3d05366dc5

SHA256
09f522411b7624595c91649de828908fdde4990e04306fb1cf574f6755da1a4b

SHA512
e4ac1100f937c650c50ce2325fde31d7de9d0360fae2003bd147e2fdea8f63daefed0c3456acfa4598b299293a58e159a055c617b8fc4887fcc91173ebeab0b9

Download Submit
memory/4400-0-0x00000244F48C0000-0x00000244F493A000-memory.dmp

Filesize
488KB

Download
memory/4400-1-0x00000244F4A40000-0x00000244F4B47000-memory.dmp

Filesize
1.0MB

Download
memory/4400-2-0x00000244F4A40000-0x00000244F4B47000-memory.dmp

Filesize
1.0MB

Download
memory/4400-3-0x00000244F4A40000-0x00000244F4B47000-memory.dmp

Filesize
1.0MB

Download
memory/4644-42-0x0000020040360000-0x0000020040361000-memory.dmp

Filesize
4KB

Download
memory/4644-46-0x0000020040360000-0x0000020040361000-memory.dmp

Filesize
4KB

Download
memory/4644-37-0x0000020040360000-0x0000020040361000-memory.dmp

Filesize
4KB

Download
memory/4644-38-0x0000020040360000-0x0000020040361000-memory.dmp

Filesize
4KB

Download
memory/4644-39-0x0000020040360000-0x0000020040361000-memory.dmp

Filesize
4KB

Download
memory/4644-40-0x0000020040360000-0x0000020040361000-memory.dmp

Filesize
4KB

Download
memory/4644-41-0x0000020040360000-0x0000020040361000-memory.dmp

Filesize
4KB

Download
memory/4644-20-0x0000020037D50000-0x0000020037D60000-memory.dmp

Filesize
64KB

Download
memory/4644-43-0x0000020040360000-0x0000020040361000-memory.dmp

Filesize
4KB

Download
memory/4644-44-0x0000020040360000-0x0000020040361000-memory.dmp

Filesize
4KB

Download
memory/4644-45-0x0000020040360000-0x0000020040361000-memory.dmp

Filesize
4KB

Download
memory/4644-36-0x0000020040340000-0x0000020040341000-memory.dmp

Filesize
4KB

Download
memory/4644-47-0x000002003FF90000-0x000002003FF91000-memory.dmp

Filesize
4KB

Download
memory/4644-48-0x000002003FF80000-0x000002003FF81000-memory.dmp

Filesize
4KB

Download
memory/4644-50-0x000002003FF90000-0x000002003FF91000-memory.dmp

Filesize
4KB

Download
memory/4644-53-0x000002003FF80000-0x000002003FF81000-memory.dmp

Filesize
4KB

Download
memory/4644-56-0x000002003FEC0000-0x000002003FEC1000-memory.dmp

Filesize
4KB

Download
memory/4644-4-0x0000020037C50000-0x0000020037C60000-memory.dmp

Filesize
64KB

Download
memory/4644-68-0x00000200400C0000-0x00000200400C1000-memory.dmp

Filesize
4KB

Download
memory/4644-70-0x00000200400D0000-0x00000200400D1000-memory.dmp

Filesize
4KB

Download
memory/4644-71-0x00000200400D0000-0x00000200400D1000-memory.dmp

Filesize
4KB

Download
memory/4644-72-0x00000200401E0000-0x00000200401E1000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads