bumblebee | d34d5d293ef589bc20d27d216385f34706a8a049460633a9476222e0a3bd0680 | Triage

Submit
Reports

Overview

overview

Static

static

artifacts.zip

windows11-21h2-x64

9

Sharing

General

Target

artifacts.zip
Size

139.8MB
Sample

240822-rv83savbnr
MD5

d0e1b50214b55a05c9c36f5d6af0e5e0
SHA1

29d6d783b4f55c9293e75d63dc58c92ad757d7b0
SHA256

d34d5d293ef589bc20d27d216385f34706a8a049460633a9476222e0a3bd0680
SHA512

021c08bbc3e30ff672cc69210295598b84f8d2aa33a7c42e11fc09a1b6b70627aba5281bf2903040d06f2049f1b4cbbc6684d280531a9cf89cc812f65ed4810f
SSDEEP

3145728:RyRREc3Z0CqFp83bUchCAXDSlBAvPkKkzc+wVlOljKhvsPnN4yo8EmQ/Wqu9:yJWHG3LhCVleHkYlOljtN4GQ/Wqu9

Score

10^/10

bumblebee steam defense_evasion discovery evasion execution persistence phishing

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

artifacts.zip

Resource

win11-20240802-en

steam defense_evasion discovery evasion execution persistence phishing

windows11-21h2-x64

30 signatures

150 seconds

Malware Config

Targets

- Target
  
  artifacts.zip
- Size
  
  139.8MB
- MD5
  
  d0e1b50214b55a05c9c36f5d6af0e5e0
- SHA1
  
  29d6d783b4f55c9293e75d63dc58c92ad757d7b0
- SHA256
  
  d34d5d293ef589bc20d27d216385f34706a8a049460633a9476222e0a3bd0680
- SHA512
  
  021c08bbc3e30ff672cc69210295598b84f8d2aa33a7c42e11fc09a1b6b70627aba5281bf2903040d06f2049f1b4cbbc6684d280531a9cf89cc812f65ed4810f
- SSDEEP
  
  3145728:RyRREc3Z0CqFp83bUchCAXDSlBAvPkKkzc+wVlOljKhvsPnN4yo8EmQ/Wqu9:yJWHG3LhCVleHkYlOljtN4GQ/Wqu9
Score

9^/10

steam defense_evasion discovery evasion execution persistence phishing
- Checks for common network interception software
  Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.
  evasion
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Downloads MZ/PE file
- Drops file in Drivers directory
- Manipulates Digital Signatures
  Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Detected potential entity reuse from brand steam.
  phishing steam
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

SIP and Trust Provider Hijacking

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

Software Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

steamdefense_evasiondiscoveryevasionexecutionpersistencephishing

© 2018-2024

Terms | Privacy