bumblebee | 8ae7694001a73e0eebf0ea394396cd1aacc3a817e1e321da288e445f4feb1465 | Triage

Sharing

General

Target

8ae7694001a73e0eebf0ea394396cd1aacc3a817e1e321da288e445f4feb1465.msi.bin
Size

7.8MB
Sample

240229-vjwvvsfa9y
MD5

cbce77f88d5fd1df590d5172bbb83a2c
SHA1

65bd87e1c512e9cd60a3952e0712d0f67aa952e1
SHA256

8ae7694001a73e0eebf0ea394396cd1aacc3a817e1e321da288e445f4feb1465
SHA512

4d579a70782b99c4fb19398f9d7b430cbe5f9ee5b67dbf360f543fecd010aba373a43266b63b5e7bbe00f8636cdd7d9346806cdaffbaa02608c08310cd752ded
SSDEEP

196608:jxaEo5JeKKpyRqNJMWb75RGlzGban/ba:joEWJeKKpyRqNJMWb75RGlzGbCba

Score

10^/10

bumblebee onkomsi2 loader

Malware Config

Extracted

Family

bumblebee

Botnet

onkomsi2

Attributes

dga
n64c2akw.life
zefawfb0.life
dph3pby8.life
hx0hysyg.life
1qa3k743.life
luw8ubf2.life
rbvsf6io.life
4huoqrsp.life
8qwcvseh.life
37zi55wc.life
i9f44mju.life
aqnx9c9h.life
3nmeg5wa.life
r5ue5rok.life
et53yjoc.life
tvgco82h.life
0xtmu3tz.life
6xhpschv.life
6o26tws0.life
0oz7923s.life
54y2q50j.life
9hh7hq5r.life
r0ca080m.life
43vtghfz.life
qal55els.life
p5e68m36.life
x698iah6.life
kqn0zkig.life
wq6w8jkq.life
i6n08gx7.life
yykdmh0r.life
is45ipqt.life
btycmaq0.life
bei9dppm.life
3jhcm6ou.life
1q04n1r6.life
10ciy2hb.life
11ou1grl.life
83b0leyy.life
t31jn4t1.life
b24f19ne.life
igak9l9s.life
hkgd9kar.life
02uhomlq.life
zpy1vssg.life
j57fzy12.life
zmlly8xo.life
pe6r5tzc.life
cg4cuoyi.life
pyjijjlm.life
m3vc2ce4.life
p1p97dov.life
ep0kbvph.life
0rlxan4o.life
zdx0i18o.life
7kmzys39.life
e97igyz6.life
hjcbhzd8.life
az77sw77.life
d0k4fdaa.life
c9l8ri53.life
ay03u2te.life
t99iv15x.life
6a1fbhay.life
zna5lybe.life
vxyojl27.life
mddoknvi.life
2z2dl1og.life
vojg90l2.life
awr5omre.life
tcjcv520.life
aqjjchti.life
6qwim2j8.life
1p34o0do.life
8hxwl72r.life
wykpnxcx.life
o10qz4xe.life
7564a2mg.life
aiv8bb2b.life
jwyxm0f3.life
4soexc4m.life
3xqy6csn.life
3k8iq1nb.life
w2hje2t7.life
fra3xqrx.life
4r3inwrt.life
qhfoevow.life
a9nhflze.life
jpngew6a.life
baunjh6t.life
yqofro9q.life
uq034w07.life
oq36weoi.life
vv5sfo80.life
0req10rd.life
m4v4xq2f.life
1p24echu.life
ohwv1vpp.life
z2tp7x2v.life
q65io756.life
dga_seed
anjd78ka
domain_length
8
num_dga_domains
100
port
443

rc4.plain

Targets

- Target
  
  8ae7694001a73e0eebf0ea394396cd1aacc3a817e1e321da288e445f4feb1465.msi.bin
- Size
  
  7.8MB
- MD5
  
  cbce77f88d5fd1df590d5172bbb83a2c
- SHA1
  
  65bd87e1c512e9cd60a3952e0712d0f67aa952e1
- SHA256
  
  8ae7694001a73e0eebf0ea394396cd1aacc3a817e1e321da288e445f4feb1465
- SHA512
  
  4d579a70782b99c4fb19398f9d7b430cbe5f9ee5b67dbf360f543fecd010aba373a43266b63b5e7bbe00f8636cdd7d9346806cdaffbaa02608c08310cd752ded
- SSDEEP
  
  196608:jxaEo5JeKKpyRqNJMWb75RGlzGban/ba:joEWJeKKpyRqNJMWb75RGlzGbCba
Score

10^/10

bumblebee onkomsi2 loader
- BumbleBee
  BumbleBee is a loader malware written in C++.
  loader bumblebee
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

bumblebeeonkomsi2loader

behavioral2

bumblebeeonkomsi2loader