General

  • Target

    6214e19836c0c3c4bc94e23d6391c45ad87fdd890f6cbd3ab078650455c31dc8

  • Size

    1.0MB

  • Sample

    240410-nj2b1sdh54

  • MD5

    f411c1a716639d477d0838bba30a8fbb

  • SHA1

    8100df98a73a8a037b4085b86ff42af9c438f382

  • SHA256

    6214e19836c0c3c4bc94e23d6391c45ad87fdd890f6cbd3ab078650455c31dc8

  • SHA512

    fbda76832d983221ae32ac4ff8a129efbad205f2f16d370e98d7329451da1e3941c25ea9c5629d79d4bbe6f46b853bcea6e2432a2a31221bcaaac7a02d445042

  • SSDEEP

    24576:v78He7Xb4ZMhMdNI5BhlQmNeDiMkhSripiP4Ln2zt8GtHf4:vYHe7L4WhMQqiMksriN2zKCg

Score
10/10

Malware Config

Extracted

Family

bumblebee

Botnet

VPS1GROUP

C2

23.82.19.208:443

Targets

    • Target

      Attachments.dat

    • Size

      2.2MB

    • MD5

      555b77d23549e231c8d7f0b003cc5164

    • SHA1

      afde458ab0294f206a5cf832ce4e73661b0308f8

    • SHA256

      9fd92b2633147d58a5d4a28d1f5f66a11873c4185c44429295cda9956defa6d4

    • SHA512

      a2d918e62fa320e73649099d3e15aa9790b39e878c965487e4621d5851d3d867f3b650470849e5518b40f99db0cbf9030807df59b476db266e5ae21b48d65384

    • SSDEEP

      49152:wACKBYY7RFBiT6EdtaKBrTUR88VKIMUqPGZZNyc:/F4aKuR88lMU1Zzyc

    Score
    8/10
    • Blocklisted process makes network request

    • Target

      Attachments.lnk

    • Size

      1KB

    • MD5

      cac3161c21fc24e8530ad189835f7d68

    • SHA1

      f58e9d6ade2e933bb379ce5fb44e0fa4c598ba63

    • SHA256

      96a0a7ee73984d9a2ed785ff822d090549769c16feed09d31322d9a36f53f856

    • SHA512

      f961379e0d9085911f0dcee94521ded6aab34babb9ab824db221256d3f73bcbcab7795ddf26f5d11c80a7e15948c68241fab2e83ad2e678088045d65528e9a41

    Score
    8/10
    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

MITRE ATT&CK Matrix (ATT&CK v13)

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Tasks