bumblebee | f2f3b1f5c2d2e21e173d9b36f5c52c8a3f6c4eec2d428dbf3c5aa83b90cb9b69 | Triage

Sharing

General

Target

2024-11-20_5d32ada4f02216187028e891ed511b8b_hijackloader_ryuk
Size

1.4MB
Sample

241120-d3lqkavlam
MD5

5d32ada4f02216187028e891ed511b8b
SHA1

bf1c5312c969d8277688fc31c3a3f3387ac382d0
SHA256

f2f3b1f5c2d2e21e173d9b36f5c52c8a3f6c4eec2d428dbf3c5aa83b90cb9b69
SHA512

70670982bbbab90b7a0f86c91824accaee83cc24a5db7aa5795ef3061b47624a468d291f4d3c3aefc6fc8ccd3e73eb8e21696806f51bca2a51756ca9aed6e8f2
SSDEEP

24576:3AltU2PTQ/70pdzyTp4BR78M3T+sV1W4qk9i+pZKhG:qU/+yTp4D73sszf

Score

10^/10

bumblebee 21maca loader

Malware Config

Extracted

Family

bumblebee

Botnet

21maca

C2

108.62.141.20:443

104.168.140.145:443

51.68.145.171:443

108.62.118.170:443

192.119.72.133:443

23.108.57.201:443

rc4.plain

Targets

- Target
  
  2024-11-20_5d32ada4f02216187028e891ed511b8b_hijackloader_ryuk
- Size
  
  1.4MB
- MD5
  
  5d32ada4f02216187028e891ed511b8b
- SHA1
  
  bf1c5312c969d8277688fc31c3a3f3387ac382d0
- SHA256
  
  f2f3b1f5c2d2e21e173d9b36f5c52c8a3f6c4eec2d428dbf3c5aa83b90cb9b69
- SHA512
  
  70670982bbbab90b7a0f86c91824accaee83cc24a5db7aa5795ef3061b47624a468d291f4d3c3aefc6fc8ccd3e73eb8e21696806f51bca2a51756ca9aed6e8f2
- SSDEEP
  
  24576:3AltU2PTQ/70pdzyTp4BR78M3T+sV1W4qk9i+pZKhG:qU/+yTp4D73sszf
Score

10^/10

bumblebee 21maca loader
- BumbleBee
  BumbleBee is a loader malware written in C++.
  loader bumblebee
- Bumblebee family
  bumblebee
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

bumblebee21macaloader

behavioral2

bumblebee21macaloader