General

  • Target: 9eacade8174f008c48ea57d43068dbce3d91093603db0511467c18252f60de32
  • Size: 2.3MB
  • Sample: 240410-p72s5abf5x
  • MD5: 15f0cb9f3c41a2f79cd72dfa6ae50db8
  • SHA1: b3a3a97dd7933343011faaae8462ccbe3b48cbe9
  • SHA256: 9eacade8174f008c48ea57d43068dbce3d91093603db0511467c18252f60de32
  • SHA512: af1cc70af547d29c629143fe4b187f25a9c0b93c63d95a89bc3d47765ad2ad95e4edf9de328222482d1742e075352f0e82fe5b7542edf52e4f061130fd3cc06a
  • SSDEEP: 49152:2R7M9r/8AmAJXPasx29pSvKtxqJ7w+dIM9qPGrfepLX:RqSv/J7H+M91rmpz

Score: 10/10

Malware Config

Extracted

  • Family: bumblebee
  • Botnet: VPS1GROUP
  • C2: 23.82.19.208:443

Targets

    • Target: Attachments.dat
    • Size: 2.2MB
    • MD5: e6a046d1baa7cd2100bdf48102b8a144
    • SHA1: a7838aa4f42c95ee245f9b62d2c894a4c2067894
    • SHA256: 08cd6983f183ef65eabd073c01f137a913282504e2502ac34a1be3e599ac386b
    • SHA512: 3d7cad15f9577926af9ee100d71fbf50a9f70c681d4735836a668b83828c97e63e514e78c9b64b2f328ae352a852d6e4053413888342d16196652c7d6283d242
    • SSDEEP: 49152:KR7M9r/8AmAJXPasx29pSvKtxqJ7w+dIM9qPGrfepLX:VqSv/J7H+M91rmpz

    Score: 8/10
    • Blocklisted process makes network request

    • Target: Attachments.lnk
    • Size: 1KB
    • MD5: cac3161c21fc24e8530ad189835f7d68
    • SHA1: f58e9d6ade2e933bb379ce5fb44e0fa4c598ba63
    • SHA256: 96a0a7ee73984d9a2ed785ff822d090549769c16feed09d31322d9a36f53f856
    • SHA512: f961379e0d9085911f0dcee94521ded6aab34babb9ab824db221256d3f73bcbcab7795ddf26f5d11c80a7e15948c68241fab2e83ad2e678088045d65528e9a41

    Score: 8/10
    • Blocklisted process makes network request
    • Checks computer location settings
      Looks up the country code configured in the registry, likely a geofence.

MITRE ATT&CK Matrix (ATT&CK v13)

Discovery

  • Query Registry: T1012 (1)
  • System Information Discovery: T1082 (2)

Tasks