bumblebee | 33a57eed92fa4acf1be788ce387d0f6f3804aab316d04bcfe8b43cccaf08bdbf | Triage

Sharing

General

Target

6309e1.msi
Size

4.1MB
Sample

231127-r4qmsshb67
MD5

9159f9fb42365dc0a492ece7ec9aa546
SHA1

8b8426ade01c916bb1f08f69dee611d4cd2379b5
SHA256

33a57eed92fa4acf1be788ce387d0f6f3804aab316d04bcfe8b43cccaf08bdbf
SHA512

d40dcb370495edfe29c4eb488f7ca628a284a69de1d0aa8485d1c92659ab4a80839ce773f1f8b938f2333587019cb42831dd6ea2e349ae4bf7d096a09da657c5
SSDEEP

49152:2DxTgxjSwdT55PZUdV0Du9WsVFPLYLeyCtw50kqKKAf5Q8+5eNBA:bxjSwdqswLYKy0wpqKKAf5Q

Score

10^/10

bumblebee test101234 loader

Malware Config

Extracted

Family

bumblebee

Botnet

test101234

Attributes

dga
n64c2akw.life

zefawfb0.life

dph3pby8.life

hx0hysyg.life

1qa3k743.life

luw8ubf2.life

rbvsf6io.life

4huoqrsp.life

8qwcvseh.life

37zi55wc.life

i9f44mju.life

aqnx9c9h.life

3nmeg5wa.life

r5ue5rok.life

et53yjoc.life

tvgco82h.life

0xtmu3tz.life

6xhpschv.life

6o26tws0.life

0oz7923s.life

54y2q50j.life

9hh7hq5r.life

r0ca080m.life

43vtghfz.life

qal55els.life

p5e68m36.life

x698iah6.life

kqn0zkig.life

wq6w8jkq.life

i6n08gx7.life

yykdmh0r.life

is45ipqt.life

btycmaq0.life

bei9dppm.life

3jhcm6ou.life

1q04n1r6.life

10ciy2hb.life

11ou1grl.life

83b0leyy.life

t31jn4t1.life

b24f19ne.life

igak9l9s.life

hkgd9kar.life

02uhomlq.life

zpy1vssg.life

j57fzy12.life

zmlly8xo.life

pe6r5tzc.life

cg4cuoyi.life

pyjijjlm.life

m3vc2ce4.life

p1p97dov.life

ep0kbvph.life

0rlxan4o.life

zdx0i18o.life

7kmzys39.life

e97igyz6.life

hjcbhzd8.life

az77sw77.life

d0k4fdaa.life

c9l8ri53.life

ay03u2te.life

t99iv15x.life

6a1fbhay.life

zna5lybe.life

vxyojl27.life

mddoknvi.life

2z2dl1og.life

vojg90l2.life

awr5omre.life

tcjcv520.life

aqjjchti.life

6qwim2j8.life

1p34o0do.life

8hxwl72r.life

wykpnxcx.life

o10qz4xe.life

7564a2mg.life

aiv8bb2b.life

jwyxm0f3.life

4soexc4m.life

3xqy6csn.life

3k8iq1nb.life

w2hje2t7.life

fra3xqrx.life

4r3inwrt.life

qhfoevow.life

a9nhflze.life

jpngew6a.life

baunjh6t.life

yqofro9q.life

uq034w07.life

oq36weoi.life

vv5sfo80.life

0req10rd.life

m4v4xq2f.life

1p24echu.life

ohwv1vpp.life

z2tp7x2v.life

q65io756.life
dga_seed
anjd78ka
domain_length
8
num_dga_domains
100
port
443

rc4.plain

Targets

- Target
  
  6309e1.msi
- Size
  
  4.1MB
- MD5
  
  9159f9fb42365dc0a492ece7ec9aa546
- SHA1
  
  8b8426ade01c916bb1f08f69dee611d4cd2379b5
- SHA256
  
  33a57eed92fa4acf1be788ce387d0f6f3804aab316d04bcfe8b43cccaf08bdbf
- SHA512
  
  d40dcb370495edfe29c4eb488f7ca628a284a69de1d0aa8485d1c92659ab4a80839ce773f1f8b938f2333587019cb42831dd6ea2e349ae4bf7d096a09da657c5
- SSDEEP
  
  49152:2DxTgxjSwdT55PZUdV0Du9WsVFPLYLeyCtw50kqKKAf5Q8+5eNBA:bxjSwdqswLYKy0wpqKKAf5Q
Score

10^/10

bumblebee test101234 loader
- BumbleBee
  BumbleBee is a loader malware written in C++.
  loader bumblebee
- Loads dropped DLL
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bumblebeetest101234loader

behavioral2

bumblebeetest101234loader