General

  • Target

    01cc151149b5bf974449b00de08ce7dbf5eca77f55edd00982a959e48d017225

  • Size

    2.2MB

  • Sample

    240410-k8z9gadd5s

  • MD5

    c0639fc28663bb3ea08d34769480bf5b

  • SHA1

    33e9fc0e236babf59664a11a149c85c1696f944f

  • SHA256

    01cc151149b5bf974449b00de08ce7dbf5eca77f55edd00982a959e48d017225

  • SHA512

    abfc1917eedaf2512513a9fb45f8f174dfbb1207a333f7b6eab26fab63a730d83d96af9423cd78360375c7b34eaf87b54646699cd662e2f36f3f2aca8f88a4a5

  • SSDEEP

    49152:73GD6aFj0Mb8VxOs7t7NgRpvIxDwSAEsqPGRgYmlF4Qn:n5MKzxyDCwSAz1RmF4Q

Score
10/10

Malware Config

Extracted

Family

bumblebee

Botnet

VPS2GROUP

C2

23.81.246.187:443

Targets

    • Target

      documents.lnk

    • Size

      1KB

    • MD5

      feab777f81627e16c143ead0f3bdc780

    • SHA1

      d149bd28ada295b34d10d9c363cfaed604691e68

    • SHA256

      170d68f8e0b1149374c5d6de3e4da3b06e572e630c4f634f99eee30331e4fff9

    • SHA512

      550e52a4b605b0177a7c0c971823c75ad2946e610b2babf5b4b50e16ef377361f479abe73c6986322142841d578a636e6789f671644ced569930c9c921968eec

    Score
    7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      sysmon32.exe

    • Size

      2.1MB

    • MD5

      e74391a7312eba27d05609e467c0de30

    • SHA1

      b67aeaad3d3f131a35392f98ad36f25cf22fc2d0

    • SHA256

      e1c26184f9cf2187d070975607172f855b4e06429426e1d3c774c357a1939d85

    • SHA512

      0721a24543f332c75792378f929255142af528dfa2d4543957c3ede01299fb4cb2732fda78ea9936c0754e508f96f341353409c9212d1bf28148afbbb91d5cae

    • SSDEEP

      49152:e3GD6aFj0Mb8VxOs7t7NgRpvIxDwSAEsqPGRgYmlF4Qn:G5MKzxyDCwSAz1RmF4Q

    Score
    1/10

MITRE ATT&CK Matrix ATT&CK v13

Discovery

    • Query Registry (T1012): 1

    • System Information Discovery (T1082): 2
