Resubmissions

23-02-2024 10:07  240223-l5tg7aee8t  Score 10
16-02-2024 15:46  240216-s7wtnadd27  Score 10

General

  • Target

    c34e5d36bd3a9a6fca92e900ab015aa50bb20d2cd6c0b6e03d070efe09ee689a.1

  • Size

    2.3MB

  • Sample

    240216-s7wtnadd27

  • MD5

    e815078b81bda42fd1d8029f82f63f8c

  • SHA1

    6ddae41b0861ff953d261dabd7d63b7ff1dce7e8

  • SHA256

    c34e5d36bd3a9a6fca92e900ab015aa50bb20d2cd6c0b6e03d070efe09ee689a

  • SHA512

    7330be3ff019303b49afb753b45fedf9b6794a4ea670faa2eeb477dc7168aeadad52e5499bca52eb2c23f8e9a5c021d7c2ddb1c44ce82fcd357cdd257b31f0fb

  • SSDEEP

    24576:+7GSow1W1xmEJj65Ar478M30eNxFrSZJi8nDjXEHAzeozxlXZWXrXExoXOG8UdDP:+PKG7783j/2buc4

Score
10/10

Malware Config

Extracted

Family

bumblebee

Botnet

dcc3

Attributes
  • dga

    vg7uaic3.life

    9rzeyw6d.life

    gaiuzmjh.life

    fjtwh7ez.life

    b7v0h14g.life

    25utqefr.life

    racgyvid.life

    hocj7ez7.life

    0yznun55.life

    fcl2tw80.life

    g4ggjukx.life

    u3zvhegy.life

    n6s0rru2.life

    myskwtvz.life

    es4xrlbf.life

    rm0vgyz1.life

    mkt3shgr.life

    uj1lqdzb.life

    wdxn08y6.life

    xwcetuq6.life

    7v3pqzur.life

    z4u0pw7m.life

    akzuglxg.life

    0hb72lv4.life

    qo725zwl.life

    h5hyssny.life

    dwdgv8ey.life

    r1vp426o.life

    s68s3bdd.life

    r4x6iy6x.life

  • dga_seed

    Ķ�C#��+  (raw binary seed bytes rendered as text; non-printable bytes were lost in extraction, so the value above is not usable as-is)

  • domain_length

    8

  • num_dga_domains

    100

  • port

    443

rc4.plain
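The config above gives enough to hunt for this botnet's C2 traffic in DNS logs without reimplementing the DGA: the 30 listed domains are exact-match IOCs, and the structural properties (domain_length 8, TLD .life, 100 domains generated per seed) describe the remaining unlisted domains. The following is an added example, not code from the report or from the analysis platform. It loads the page's IOC list, derives a shape rule from the config (the [a-z0-9] character set is inferred from the listed domains, not stated in the config), and runs both over a constructed DNS log whose line format is assumed. It does not reproduce BumbleBee's DGA algorithm, which is not on the page.

```python
import re
from typing import Dict, List, Tuple

# Exact-match IOCs: the "dga" attribute of the extracted config (botnet dcc3).
# The config says 100 domains are generated; only these 30 appear on the page.
DGA_DOMAINS = {
    "vg7uaic3.life", "9rzeyw6d.life", "gaiuzmjh.life", "fjtwh7ez.life",
    "b7v0h14g.life", "25utqefr.life", "racgyvid.life", "hocj7ez7.life",
    "0yznun55.life", "fcl2tw80.life", "g4ggjukx.life", "u3zvhegy.life",
    "n6s0rru2.life", "myskwtvz.life", "es4xrlbf.life", "rm0vgyz1.life",
    "mkt3shgr.life", "uj1lqdzb.life", "wdxn08y6.life", "xwcetuq6.life",
    "7v3pqzur.life", "z4u0pw7m.life", "akzuglxg.life", "0hb72lv4.life",
    "qo725zwl.life", "h5hyssny.life", "dwdgv8ey.life", "r1vp426o.life",
    "s68s3bdd.life", "r4x6iy6x.life",
}

# Shape rule from the config: domain_length 8, TLD .life.
# Assumption: the label alphabet is [a-z0-9], inferred from the 30 listed domains.
DGA_PATTERN = re.compile(r"^[a-z0-9]{8}\.life$")


def classify_domain(name: str) -> str:
    """Return 'ioc' for a listed C2 domain, 'pattern' for an unlisted domain that
    has the DGA shape (a hunting lead, not a confirmed hit), or 'clean'.
    The name is normalised: lower-cased, trailing dot removed."""
    d = name.strip().lower().rstrip(".")
    if d in DGA_DOMAINS:
        return "ioc"
    if DGA_PATTERN.match(d):
        return "pattern"
    return "clean"


# Constructed sample DNS log (not from the report). Assumed format:
# "<timestamp> <client-ip> query <qname>"
SAMPLE_LOG = """\
2024-02-16T15:46:01Z 10.0.0.21 query vg7uaic3.life
2024-02-16T15:46:01Z 10.0.0.21 query www.example.com
2024-02-16T15:46:02Z 10.0.0.21 query racgyvid.life.
2024-02-16T15:46:03Z 10.0.0.44 query k2m9xq7d.life
2024-02-16T15:46:04Z 10.0.0.44 query healthy.life
2024-02-16T15:46:05Z 10.0.0.44 query mybakery.life
"""

LOG_RE = re.compile(r"^(\S+) (\S+) query (\S+)$")


def scan_dns_log(text: str) -> Dict[str, List[Tuple[str, str]]]:
    """Return {'ioc': [(client, domain), ...], 'pattern': [...]} for every
    non-clean query in the log. Lines that do not parse are skipped."""
    hits: Dict[str, List[Tuple[str, str]]] = {"ioc": [], "pattern": []}
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        _ts, client, qname = m.groups()
        verdict = classify_domain(qname)
        if verdict != "clean":
            hits[verdict].append((client, qname.lower().rstrip(".")))
    return hits


if __name__ == "__main__":
    for verdict, entries in scan_dns_log(SAMPLE_LOG).items():
        for client, domain in entries:
            print(f"{verdict:8s} {client:12s} {domain}")
```

The two verdicts should be handled differently: an `ioc` hit is a query for a domain the sandbox saw in the sample's own config and warrants containment of the client; a `pattern` hit only says the name is 8 alphanumerics under .life, which a legitimate name such as `mybakery.life` also satisfies, so it is a lead to pivot on (same client, same time window, port 443 follow-up) rather than an alert on its own.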

Targets

    • Target

      c34e5d36bd3a9a6fca92e900ab015aa50bb20d2cd6c0b6e03d070efe09ee689a.1

    • Size

      2.3MB

    • Hashes

      MD5, SHA1, SHA256, SHA512 and SSDEEP are identical to those listed under General above.

    Score
    10/10
    • BumbleBee

      BumbleBee is a malware loader written in C++; it is used to deliver follow-on payloads, which is why the extracted config consists of C2 domains (DGA, 100 per seed, .life TLD) and a port (443) rather than a payload.

    • Suspicious use of NtCreateThreadExHideFromDebugger

      The sample created a thread through NtCreateThreadEx with the THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER flag (0x4) set, so the thread raises no debug events to an attached debugger. Legitimate software rarely does this; it is an anti-analysis indicator, not by itself proof of malicious intent.
