bumblebee

General

Target

file.exe
Size

6.1MB
Sample

231125-1cf4qach83
MD5

4a657cf9c1289e3df987268e32961a66
SHA1

77167ba7c7adb768ba4a1a0d561a8828e73f5035
SHA256

4203f929fe8fab1c990e027216ef732955cc4fbfe598e9dc02dbf61fefd2e579
SHA512

3515c161728c0294b822cfb8a313d85dfb9305e6283f533d20b61894468129012991bec1709e001a8067660668aa6c3a2894273a8f251c3cc15cc0d548a88976
SSDEEP

98304:QAs++BUHecpbpx+sborjZGS/maM8jwsWjMZd3CuwQ3dm0vZ0QgKuEf:QAKBx4px+sNgHW4H3CkZqEf

Score

10^/10

Malware Config

Extracted

Family

bumblebee

Botnet

onkomsi2

Attributes

dga
n64c2akw.life

zefawfb0.life

dph3pby8.life

hx0hysyg.life

1qa3k743.life

luw8ubf2.life

rbvsf6io.life

4huoqrsp.life

8qwcvseh.life

37zi55wc.life

i9f44mju.life

aqnx9c9h.life

3nmeg5wa.life

r5ue5rok.life

et53yjoc.life

tvgco82h.life

0xtmu3tz.life

6xhpschv.life

6o26tws0.life

0oz7923s.life

54y2q50j.life

9hh7hq5r.life

r0ca080m.life

43vtghfz.life

qal55els.life

p5e68m36.life

x698iah6.life

kqn0zkig.life

wq6w8jkq.life

i6n08gx7.life

yykdmh0r.life

is45ipqt.life

btycmaq0.life

bei9dppm.life

3jhcm6ou.life

1q04n1r6.life

10ciy2hb.life

11ou1grl.life

83b0leyy.life

t31jn4t1.life

b24f19ne.life

igak9l9s.life

hkgd9kar.life

02uhomlq.life

zpy1vssg.life

j57fzy12.life

zmlly8xo.life

pe6r5tzc.life

cg4cuoyi.life

pyjijjlm.life

m3vc2ce4.life

p1p97dov.life

ep0kbvph.life

0rlxan4o.life

zdx0i18o.life

7kmzys39.life

e97igyz6.life

hjcbhzd8.life

az77sw77.life

d0k4fdaa.life

c9l8ri53.life

ay03u2te.life

t99iv15x.life

6a1fbhay.life

zna5lybe.life

vxyojl27.life

mddoknvi.life

2z2dl1og.life

vojg90l2.life

awr5omre.life

tcjcv520.life

aqjjchti.life

6qwim2j8.life

1p34o0do.life

8hxwl72r.life

wykpnxcx.life

o10qz4xe.life

7564a2mg.life

aiv8bb2b.life

jwyxm0f3.life

4soexc4m.life

3xqy6csn.life

3k8iq1nb.life

w2hje2t7.life

fra3xqrx.life

4r3inwrt.life

qhfoevow.life

a9nhflze.life

jpngew6a.life

baunjh6t.life

yqofro9q.life

uq034w07.life

oq36weoi.life

vv5sfo80.life

0req10rd.life

m4v4xq2f.life

1p24echu.life

ohwv1vpp.life

z2tp7x2v.life

q65io756.life
dga_seed
anjd78ka
domain_length
8
num_dga_domains
100
port
443

rc4.plain

Targets

- Target
  
  file.exe
- Size
  
  6.1MB
- MD5
  
  4a657cf9c1289e3df987268e32961a66
- SHA1
  
  77167ba7c7adb768ba4a1a0d561a8828e73f5035
- SHA256
  
  4203f929fe8fab1c990e027216ef732955cc4fbfe598e9dc02dbf61fefd2e579
- SHA512
  
  3515c161728c0294b822cfb8a313d85dfb9305e6283f533d20b61894468129012991bec1709e001a8067660668aa6c3a2894273a8f251c3cc15cc0d548a88976
- SSDEEP
  
  98304:QAs++BUHecpbpx+sborjZGS/maM8jwsWjMZd3CuwQ3dm0vZ0QgKuEf:QAKBx4px+sNgHW4H3CkZqEf
Score

10^/10

bumblebee onkomsi2 loader
- BumbleBee
  BumbleBee is a loader malware written in C++.
  loader bumblebee
- Loads dropped DLL
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral1 behavioral2