bumblebee | 8ae7694001a73e0eebf0ea394396cd1aacc3a817e1e321da288e445f4feb1465 | Triage

Sharing

General

Target

8ae7694001a73e0eebf0ea394396cd1aacc3a817e1e321da288e445f4feb1465.msi.bin
Size

7.8MB
Sample

240229-vjwvvsfa9y
MD5

cbce77f88d5fd1df590d5172bbb83a2c
SHA1

65bd87e1c512e9cd60a3952e0712d0f67aa952e1
SHA256

8ae7694001a73e0eebf0ea394396cd1aacc3a817e1e321da288e445f4feb1465
SHA512

4d579a70782b99c4fb19398f9d7b430cbe5f9ee5b67dbf360f543fecd010aba373a43266b63b5e7bbe00f8636cdd7d9346806cdaffbaa02608c08310cd752ded
SSDEEP

196608:jxaEo5JeKKpyRqNJMWb75RGlzGban/ba:joEWJeKKpyRqNJMWb75RGlzGbCba

Score

10^/10

bumblebee onkomsi2 loader

Malware Config

Extracted

Family

bumblebee

Botnet

onkomsi2

Attributes

dga
n64c2akw.life

zefawfb0.life

dph3pby8.life

hx0hysyg.life

1qa3k743.life

luw8ubf2.life

rbvsf6io.life

4huoqrsp.life

8qwcvseh.life

37zi55wc.life

i9f44mju.life

aqnx9c9h.life

3nmeg5wa.life

r5ue5rok.life

et53yjoc.life

tvgco82h.life

0xtmu3tz.life

6xhpschv.life

6o26tws0.life

0oz7923s.life

54y2q50j.life

9hh7hq5r.life

r0ca080m.life

43vtghfz.life

qal55els.life

p5e68m36.life

x698iah6.life

kqn0zkig.life

wq6w8jkq.life

i6n08gx7.life

yykdmh0r.life

is45ipqt.life

btycmaq0.life

bei9dppm.life

3jhcm6ou.life

1q04n1r6.life

10ciy2hb.life

11ou1grl.life

83b0leyy.life

t31jn4t1.life

b24f19ne.life

igak9l9s.life

hkgd9kar.life

02uhomlq.life

zpy1vssg.life

j57fzy12.life

zmlly8xo.life

pe6r5tzc.life

cg4cuoyi.life

pyjijjlm.life

m3vc2ce4.life

p1p97dov.life

ep0kbvph.life

0rlxan4o.life

zdx0i18o.life

7kmzys39.life

e97igyz6.life

hjcbhzd8.life

az77sw77.life

d0k4fdaa.life

c9l8ri53.life

ay03u2te.life

t99iv15x.life

6a1fbhay.life

zna5lybe.life

vxyojl27.life

mddoknvi.life

2z2dl1og.life

vojg90l2.life

awr5omre.life

tcjcv520.life

aqjjchti.life

6qwim2j8.life

1p34o0do.life

8hxwl72r.life

wykpnxcx.life

o10qz4xe.life

7564a2mg.life

aiv8bb2b.life

jwyxm0f3.life

4soexc4m.life

3xqy6csn.life

3k8iq1nb.life

w2hje2t7.life

fra3xqrx.life

4r3inwrt.life

qhfoevow.life

a9nhflze.life

jpngew6a.life

baunjh6t.life

yqofro9q.life

uq034w07.life

oq36weoi.life

vv5sfo80.life

0req10rd.life

m4v4xq2f.life

1p24echu.life

ohwv1vpp.life

z2tp7x2v.life

q65io756.life
dga_seed
anjd78ka
domain_length
8
num_dga_domains
100
port
443

rc4.plain

Targets

- Target
  
  8ae7694001a73e0eebf0ea394396cd1aacc3a817e1e321da288e445f4feb1465.msi.bin
- Size
  
  7.8MB
- MD5
  
  cbce77f88d5fd1df590d5172bbb83a2c
- SHA1
  
  65bd87e1c512e9cd60a3952e0712d0f67aa952e1
- SHA256
  
  8ae7694001a73e0eebf0ea394396cd1aacc3a817e1e321da288e445f4feb1465
- SHA512
  
  4d579a70782b99c4fb19398f9d7b430cbe5f9ee5b67dbf360f543fecd010aba373a43266b63b5e7bbe00f8636cdd7d9346806cdaffbaa02608c08310cd752ded
- SSDEEP
  
  196608:jxaEo5JeKKpyRqNJMWb75RGlzGban/ba:joEWJeKKpyRqNJMWb75RGlzGbCba
Score

10^/10

bumblebee onkomsi2 loader
- BumbleBee
  BumbleBee is a loader malware written in C++.
  loader bumblebee
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bumblebeeonkomsi2loader

behavioral2

bumblebeeonkomsi2loader