bumblebee

General

Target

Report-41952.zip
Size

1KB
Sample

241003-p26vws1frb
MD5

fca39237469f6c099855a99a821a2e16
SHA1

71787a36ed09183a570096f065d3a4c6685ef1c4
SHA256

2bca5abfac168454ce4e97a10ccf8ffc068e1428fa655286210006b298de42fb
SHA512

8d4bfbf1353f64f62fea249c9cbdee989b4f6691365f01264db3a06791731603c805c8f1bc13568ef72424f7c02adfd0929380cac9f488aa5d1c9241e280a730

Score

10^/10

Malware Config

Extracted

Family

bumblebee

Botnet

msi

Attributes

dga
tvx1ovdepj8.life

acgr6r8zdot.life

ilofx941igp.life

8x2apo5m7ri.life

x9yrzer0ndt.life

93j4v4jopzd.life

ameagxzo2f7.life

nyy41uibsv5.life

ru4jvijdytq.life

l9t6r0y6cvi.life

f4vb9n3tdvh.life

9do3mcejztt.life

pxu1ajsdhqr.life

7exy2b231n2.life

vu5b47m18jn.life

6mnudp7zj73.life

p5047yjrb8q.life

d0xtxp89bb9.life

ygo9u1fkwux.life

fig3gj0v6qe.life

38f5wvwwn7o.life

txgogs9p8a1.life

uyn0icgx1kv.life

2z1ls31az7s.life

0cc2z8zrnhf.life

fsr2hskx44p.life

du19ek78tjw.life

234ct3lkozp.life

he8fq4k8d3w.life

7ewh8ltr7il.life

dw34kmgfl7t.life

f2j20ayqh8y.life

331k2rdkmmb.life

37z6li6l9y2.life

dpgs2lt1sbz.life

plll0xq4y82.life

bzc9sq2pz53.life

7r8ln1wswth.life

y9neib92f2m.life

m5iukps17y7.life

xo8be64ejh2.life

widn8soih8u.life

08mkuqnx6gv.life

lzeqr3apopn.life

o4m5a5no7e8.life

2u8znzsbrto.life

dxyob8x456a.life

lrugnff8fkc.life

38i6lh0rpze.life

mjb3r6mcs1f.life

vl41cymzzfq.life

qc4mwjiop45.life

z3z4fq0420z.life

0tab35o0swu.life

4izk0gc9is6.life

6brdh3p893b.life

736d0mvetjw.life

drmk5rdefb5.life

1v0xhie4os8.life

khxcp22s3dz.life

8z9m8hndrhp.life

xeoz1f1vjs0.life

lobavyclh8e.life

in4pzu7t2pv.life

j280b59doxz.life

6q894zusd4k.life

y7pzxau0717.life

bev8ymaajb7.life

glux8x5b8d6.life

yan95akxgqt.life

9qiliikd3sp.life

ge0lpqif3ar.life

ar7xakeve0o.life

eb4l6wisq9z.life

1grovn87c8s.life

wdga570b8pz.life

nzs8vi9w5o8.life

q7dfpyyhe08.life

exueqqmz3ia.life

65r8nx12fqr.life

vauy5ah65sx.life

8hjv8mbhrlj.life

eeqwg3mzq07.life

b1h0uaabzyz.life

8qvt5iabz5n.life

8ru044xed25.life

w8ligr695sd.life

3e6rrifr5fn.life

9f6p9g7x13s.life

ibcm5at6qrz.life

spd22scperm.life

4k59ij2ujeu.life

07zxfo0kere.life

nhdeapyfg7e.life

y0zvqpi42no.life

zdf5ki8x9r0.life

8mgj12azbyd.life

l6syolvczan.life

mk7plk9c6i2.life

hudrx8fn980.life
dga_seed
1.0163655285949564e+18
domain_length
11
num_dga_domains
100
port
443

rc4.plain

Targets

- Target
  
  Report-41952.lnk
- Size
  
  3KB
- MD5
  
  2aed3939fbf8f1967d68fcc746771889
- SHA1
  
  eb04819a97ca2cf33211c6ea323a9c77cdfacfcf
- SHA256
  
  106c81f547cfe8332110520c968062004ca58bcfd2dbb0accd51616dd694721f
- SHA512
  
  0d45000b7a470655668e5c0c95aaab3911b75b3f4163abb02f9b6e987e070ad02af144d5f791ebf6940c5c838f35ff55f7c0b906ade62f47dde6ad9ff1750b1c
Score

10^/10

execution bumblebee msi discovery loader
- BumbleBee
  BumbleBee is a loader malware written in C++.
  loader bumblebee
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Powershell Invoke Web Request.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2