General

  • Target

    106c81f547cfe8332110520c968062004ca58bcfd2dbb0accd51616dd694721f.lnk

  • Size

    3KB

  • Sample

    241004-bgh2fawdkn

  • MD5

    2aed3939fbf8f1967d68fcc746771889

  • SHA1

    eb04819a97ca2cf33211c6ea323a9c77cdfacfcf

  • SHA256

    106c81f547cfe8332110520c968062004ca58bcfd2dbb0accd51616dd694721f

  • SHA512

    0d45000b7a470655668e5c0c95aaab3911b75b3f4163abb02f9b6e987e070ad02af144d5f791ebf6940c5c838f35ff55f7c0b906ade62f47dde6ad9ff1750b1c

Malware Config

Extracted

Family

bumblebee

Botnet

msi

Attributes
  • dga

    tvx1ovdepj8.life

    acgr6r8zdot.life

    ilofx941igp.life

    8x2apo5m7ri.life

    x9yrzer0ndt.life

    93j4v4jopzd.life

    ameagxzo2f7.life

    nyy41uibsv5.life

    ru4jvijdytq.life

    l9t6r0y6cvi.life

    f4vb9n3tdvh.life

    9do3mcejztt.life

    pxu1ajsdhqr.life

    7exy2b231n2.life

    vu5b47m18jn.life

    6mnudp7zj73.life

    p5047yjrb8q.life

    d0xtxp89bb9.life

    ygo9u1fkwux.life

    fig3gj0v6qe.life

    38f5wvwwn7o.life

    txgogs9p8a1.life

    uyn0icgx1kv.life

    2z1ls31az7s.life

    0cc2z8zrnhf.life

    fsr2hskx44p.life

    du19ek78tjw.life

    234ct3lkozp.life

    he8fq4k8d3w.life

    7ewh8ltr7il.life

  • dga_seed

    1.0163655285949564e+18

  • domain_length

    11

  • num_dga_domains

    100

  • port

    443

rc4.plain

Targets

    • Target

      106c81f547cfe8332110520c968062004ca58bcfd2dbb0accd51616dd694721f.lnk

    • Size

      3KB

    • MD5

      2aed3939fbf8f1967d68fcc746771889

    • SHA1

      eb04819a97ca2cf33211c6ea323a9c77cdfacfcf

    • SHA256

      106c81f547cfe8332110520c968062004ca58bcfd2dbb0accd51616dd694721f

    • SHA512

      0d45000b7a470655668e5c0c95aaab3911b75b3f4163abb02f9b6e987e070ad02af144d5f791ebf6940c5c838f35ff55f7c0b906ade62f47dde6ad9ff1750b1c

    • BumbleBee

      BumbleBee is a loader malware written in C++.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Powershell Invoke Web Request.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks