bumblebee | 6214e19836c0c3c4bc94e23d6391c45ad87fdd890f6cbd3ab078650455c31dc8 | Triage

Sharing

General

Target

6214e19836c0c3c4bc94e23d6391c45ad87fdd890f6cbd3ab078650455c31dc8
Size

1.0MB
Sample

240410-nj2b1sdh54
MD5

f411c1a716639d477d0838bba30a8fbb
SHA1

8100df98a73a8a037b4085b86ff42af9c438f382
SHA256

6214e19836c0c3c4bc94e23d6391c45ad87fdd890f6cbd3ab078650455c31dc8
SHA512

fbda76832d983221ae32ac4ff8a129efbad205f2f16d370e98d7329451da1e3941c25ea9c5629d79d4bbe6f46b853bcea6e2432a2a31221bcaaac7a02d445042
SSDEEP

24576:v78He7Xb4ZMhMdNI5BhlQmNeDiMkhSripiP4Ln2zt8GtHf4:vYHe7L4WhMQqiMksriN2zKCg

Score

10^/10

bumblebee vps1group

Malware Config

Extracted

Family

bumblebee

Botnet

VPS1GROUP

C2

23.82.19.208:443

Targets

- Target
  
  Attachments.dat
- Size
  
  2.2MB
- MD5
  
  555b77d23549e231c8d7f0b003cc5164
- SHA1
  
  afde458ab0294f206a5cf832ce4e73661b0308f8
- SHA256
  
  9fd92b2633147d58a5d4a28d1f5f66a11873c4185c44429295cda9956defa6d4
- SHA512
  
  a2d918e62fa320e73649099d3e15aa9790b39e878c965487e4621d5851d3d867f3b650470849e5518b40f99db0cbf9030807df59b476db266e5ae21b48d65384
- SSDEEP
  
  49152:wACKBYY7RFBiT6EdtaKBrTUR88VKIMUqPGZZNyc:/F4aKuR88lMU1Zzyc
Score

8^/10
- Blocklisted process makes network request
behavioral1 behavioral2
- Target
  
  Attachments.lnk
- Size
  
  1KB
- MD5
  
  cac3161c21fc24e8530ad189835f7d68
- SHA1
  
  f58e9d6ade2e933bb379ce5fb44e0fa4c598ba63
- SHA256
  
  96a0a7ee73984d9a2ed785ff822d090549769c16feed09d31322d9a36f53f856
- SHA512
  
  f961379e0d9085911f0dcee94521ded6aab34babb9ab824db221256d3f73bcbcab7795ddf26f5d11c80a7e15948c68241fab2e83ad2e678088045d65528e9a41
Score

8^/10
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

vps1groupbumblebee

behavioral1

behavioral2

behavioral3

behavioral4