General

  • Target

    nvinstall.msi

  • Size

    4.5MB

  • Sample

    241011-b77gqathqm

  • MD5

    bc9f159c780f8092641faa7cb0ba81a1

  • SHA1

    66d338e045b58295de3657fa0ea1f491435837e1

  • SHA256

    0ab5b3e9790aa8ada1bbadd5d22908b5ba7b9f078e8f5b4e8fcc27cc0011cce7

  • SHA512

    2bfcf7684eb5698d1a6d76aabf79a0b4c918891000fdf15cd6ded1a244e2487fbe7de302f7794b9a0651e34a742808e0553c5613e2972e503513ad91bb442c44

  • SSDEEP

    98304:kkufFmgXZDBMPnafxyZN5znYFSk0VGWfVlwsfpnm:kkpEZDByEojnYFSHLwsf

Malware Config

Extracted

Family

bumblebee

Botnet

msi

Attributes
  • dga

    tvx1ovdepj8.life

    acgr6r8zdot.life

    ilofx941igp.life

    8x2apo5m7ri.life

    x9yrzer0ndt.life

    93j4v4jopzd.life

    ameagxzo2f7.life

    nyy41uibsv5.life

    ru4jvijdytq.life

    l9t6r0y6cvi.life

    f4vb9n3tdvh.life

    9do3mcejztt.life

    pxu1ajsdhqr.life

    7exy2b231n2.life

    vu5b47m18jn.life

    6mnudp7zj73.life

    p5047yjrb8q.life

    d0xtxp89bb9.life

    ygo9u1fkwux.life

    fig3gj0v6qe.life

    38f5wvwwn7o.life

    txgogs9p8a1.life

    uyn0icgx1kv.life

    2z1ls31az7s.life

    0cc2z8zrnhf.life

    fsr2hskx44p.life

    du19ek78tjw.life

    234ct3lkozp.life

    he8fq4k8d3w.life

    7ewh8ltr7il.life

  • dga_seed

    1.0163655285949564e+18

  • domain_length

    11

  • num_dga_domains

    100

  • port

    443

rc4.plain

Targets

    • Target

      nvinstall.msi

    • Size

      4.5MB

    • MD5

      bc9f159c780f8092641faa7cb0ba81a1

    • SHA1

      66d338e045b58295de3657fa0ea1f491435837e1

    • SHA256

      0ab5b3e9790aa8ada1bbadd5d22908b5ba7b9f078e8f5b4e8fcc27cc0011cce7

    • SHA512

      2bfcf7684eb5698d1a6d76aabf79a0b4c918891000fdf15cd6ded1a244e2487fbe7de302f7794b9a0651e34a742808e0553c5613e2972e503513ad91bb442c44

    • SSDEEP

      98304:kkufFmgXZDBMPnafxyZN5znYFSk0VGWfVlwsfpnm:kkpEZDByEojnYFSHLwsf

    • BumbleBee

      BumbleBee is a loader malware written in C++.

    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks