General

  • Target

    Win32.BUMBLEBEE_0.1 (1).zip

  • Size

    1.3MB

  • Sample

    240915-z4cpyatdjq

  • MD5

    99b794c1f126d34d1ec3f7e77afd1924

  • SHA1

    0bc32cb18f1da390bcafa6946fbbdf22922c7afc

  • SHA256

    cf8bfac1ce68faf49ca1e80151bf04bce833f34fcc22cfee0b2cd432fecf438c

  • SHA512

    09f345a6a1728fa02c1dd5f86bcb95870d6ae733425567e07214edb043ac87bf1a9337043f638fa16e5e09da073908fae30c148f4483d0b025c0cfe5069b0e91

  • SSDEEP

    24576:ePBEW/+KCfwxMotRs3i034xX3uvFs2upzb7D7sd2ulX5M+orzC3Y6T1:aHhtaF836u2u1b7D7oArh6T1

Malware Config

Extracted

Family

bumblebee

Botnet

dcc3

Attributes
  • dga

    kxk0fp99.life

    9b7t2l0q.life

    hyivgigf.life

    ge0gmguu.life

    c0g886v7.life

    z5gt6avq.life

    bhqjgnyg.life

    vtq4vrd1.life

    wmds946t.life

    lawsc41o.life

    8zxvhrw3.life

    6t152qng.life

    8jenv5cj.life

    nnc9xesb.life

    vevijml2.life

    qblg0klz.life

    3botypuk.life

    quw31ted.life

    n9t609lu.life

    mtu5eery.life

    guycev3v.life

    klcmu5e3.life

    hm2psb94.life

    wiof5kps.life

    ink7i9yf.life

    rj3h9lji.life

    n0ohhx48.life

    d5lspsc8.life

    wuxe83rt.life

    rka4u64f.life

  • dga_seed

    3.169630490570045e+18

  • domain_length

    8

  • num_dga_domains

    100

  • port

    443

rc4.plain

Targets

    • Target

      0cef17ba672793d8e32216240706cf46e3a2894d0e558906a1782405a8f4decf

    • Size

      93KB

    • MD5

      e745d9bb0dd69f151afea9eadc808711

    • SHA1

      8b2b5cfc6ffc976a51059a84e020d9459e870bfd

    • SHA256

      0cef17ba672793d8e32216240706cf46e3a2894d0e558906a1782405a8f4decf

    • SHA512

      bfcd2c4b25a5331b43d0f858ed24b834bbfc6ca13b00d71b161efeb2dc31f66b52d907145ad6c0d5663e0a3baf7dbdb537ac8865ecbff53d297640a4fc6ba8b9

    • SSDEEP

      1536:SwYn0lfu/j5Q0KWn1o6DB+ZbuRqcwoDZc4+bhwTd81tlrJVhfIGgdqVw2X8Qr374:SwY0lo1QG1FDFpZabhwTIXvNjgEW2XxY

    Score
    3/10
    • Target

      c34e5d36bd3a9a6fca92e900ab015aa50bb20d2cd6c0b6e03d070efe09ee689a

    • Size

      2.3MB

    • MD5

      e815078b81bda42fd1d8029f82f63f8c

    • SHA1

      6ddae41b0861ff953d261dabd7d63b7ff1dce7e8

    • SHA256

      c34e5d36bd3a9a6fca92e900ab015aa50bb20d2cd6c0b6e03d070efe09ee689a

    • SHA512

      7330be3ff019303b49afb753b45fedf9b6794a4ea670faa2eeb477dc7168aeadad52e5499bca52eb2c23f8e9a5c021d7c2ddb1c44ce82fcd357cdd257b31f0fb

    • SSDEEP

      24576:+7GSow1W1xmEJj65Ar478M30eNxFrSZJi8nDjXEHAzeozxlXZWXrXExoXOG8UdDP:+PKG7783j/2buc4

    Score
    10/10
    • BumbleBee

      BumbleBee is a loader malware written in C++.

    • Suspicious use of NtCreateThreadExHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks