General

  • Target

    Midjourney.msi

  • Size

    2.6MB

  • Sample

    241003-larp4syhmb

  • MD5

    c962d866683ba35349a00a70e9c759b4

  • SHA1

    8527e1ab0068df818d5bc991bca0e12c442912c1

  • SHA256

    c26344bfd07b871dd9f6bd7c71275216e18be265e91e5d0800348e8aa06543f9

  • SHA512

    e05e172dc1c0b5feca7ca894d75790e1ceb1cf0f006d90ea6950041fadb14cec9503b628a09584a3bca21459618cc7ed7dd0b603572cdf5442391c74af5a68fb

  • SSDEEP

    49152:qrE0kuqES58NtvUBJrM6WZrws4neyy/MikYHBoHOUGx:MkufFh6W5wvneyyUPgBi

Malware Config

Extracted

Family

bumblebee

Botnet

msi

Attributes
  • dga

    tvx1ovdepj8.life

    acgr6r8zdot.life

    ilofx941igp.life

    8x2apo5m7ri.life

    x9yrzer0ndt.life

    93j4v4jopzd.life

    ameagxzo2f7.life

    nyy41uibsv5.life

    ru4jvijdytq.life

    l9t6r0y6cvi.life

    f4vb9n3tdvh.life

    9do3mcejztt.life

    pxu1ajsdhqr.life

    7exy2b231n2.life

    vu5b47m18jn.life

    6mnudp7zj73.life

    p5047yjrb8q.life

    d0xtxp89bb9.life

    ygo9u1fkwux.life

    fig3gj0v6qe.life

    38f5wvwwn7o.life

    txgogs9p8a1.life

    uyn0icgx1kv.life

    2z1ls31az7s.life

    0cc2z8zrnhf.life

    fsr2hskx44p.life

    du19ek78tjw.life

    234ct3lkozp.life

    he8fq4k8d3w.life

    7ewh8ltr7il.life

  • dga_seed

    1.0163655285949564e+18

  • domain_length

    11

  • num_dga_domains

    100

  • port

    443

rc4.plain

Targets

    • Target

      Midjourney.msi

    • Size

      2.6MB

    • MD5

      c962d866683ba35349a00a70e9c759b4

    • SHA1

      8527e1ab0068df818d5bc991bca0e12c442912c1

    • SHA256

      c26344bfd07b871dd9f6bd7c71275216e18be265e91e5d0800348e8aa06543f9

    • SHA512

      e05e172dc1c0b5feca7ca894d75790e1ceb1cf0f006d90ea6950041fadb14cec9503b628a09584a3bca21459618cc7ed7dd0b603572cdf5442391c74af5a68fb

    • SSDEEP

      49152:qrE0kuqES58NtvUBJrM6WZrws4neyy/MikYHBoHOUGx:MkufFh6W5wvneyyUPgBi

    • BumbleBee

      BumbleBee is a loader malware written in C++.

    • Enumerates VirtualBox registry keys

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Looks for VirtualBox Guest Additions in registry

    • Looks for VMWare Tools registry key

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks