bumblebee | 201c4d0070552d9dc06b76ee55479fc0a9dfacb6dbec6bbec5265e04644eebc9 | Triage

Sharing

General

Target

201c4d0070552d9dc06b76ee55479fc0a9dfacb6dbec6bbec5265e04644eebc9
Size

2.2MB
Sample

240410-lyp67aee5y
MD5

e114951c5607c67a80be82c980bd720e
SHA1

7b5a1cddc001844ef446d980813f0653659f850d
SHA256

201c4d0070552d9dc06b76ee55479fc0a9dfacb6dbec6bbec5265e04644eebc9
SHA512

cf7727f3cdb900d94a447610d5cc385f5c68d3b7700a778bb53bf8d2c8084c14a602c85578cc9895cb26bed7ce5befda18f1262c0feab2ccbd33b272fac5f87d
SSDEEP

49152:EaLMh74dfw5MKWe6yXdVgfRY8igxZPqPGETlsE:OsfWltGf5Lxd1ESE

Score

10^/10

bumblebee vps2g

Malware Config

Extracted

Family

bumblebee

Botnet

VPS2G

C2

23.81.246.187:443

Targets

- Target
  
  documents.lnk
- Size
  
  1KB
- MD5
  
  813dd41c91bb43332482ad5c0857a8d7
- SHA1
  
  5dfa29b64941d86e05be9d99b881dec1fb8338f4
- SHA256
  
  b953d0b1efb9719f79954788480235b8eccb84b13c5d373969fa3a03aabef788
- SHA512
  
  72536d2787db0cef94aab6088865b5ddaf351330306ba860179a7dbe7a70ca9d6e9d8e88821e4078cbe9ad3e736c758f26758cf7e8a9df7dc12d76df6b124058
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2
- Target
  
  sysmon64.exe
- Size
  
  2.1MB
- MD5
  
  774efb94ed852690c35d3d794a511638
- SHA1
  
  e74e97ccf970176a86e1443d542a3558befc8f6f
- SHA256
  
  82aeb5d0564557665ebff9d1ccef066336111de1be149eca12275f05085a2cd7
- SHA512
  
  fd52d3efb6b101798e759cfb7e2ec12fec9e54344e2e920d99f137a90d1f80f0650516f4dcf33a0769ff222910e8bea9a2f58c32fba750d73eb0135fe6b9b970
- SSDEEP
  
  49152:YaLMh74dfw5MKWe6yXdVgfRY8igxZPqPGETlsE:ysfWltGf5Lxd1ESE
Score

1^/10
behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4