bumblebee

General

Target

Acrobat_DC_x64_VIP_v10.12.msi
Size

2.7MB
Sample

241122-d75dgatngx
MD5

b9632555b2c19b9182cab9c098c22d8e
SHA1

100d612540c51413141f52c3888114cddb76e9a0
SHA256

1164b944f47a9701ddd682f59c60425faed350647e3f9e562e1abc140a89c7f2
SHA512

b90b26af09115c4ad37f5cb40135de51835ccffbd666168934062fb587a9111fa535e21c1e231aed76a5e871d63a9f71b686367defed3d584f6d76f75e5acb52
SSDEEP

49152:/O05mqQDiCjwnwVv+i2MF/NtSftHFDSy4dx21N+NfSf/wXoCBBUQZcUJ8+mp3gi/:/rABiCjwnwVmGF1t6R1j4dx8Njf/w4C2

Score

10^/10

Malware Config

Extracted

Family

bumblebee

Botnet

138704

Attributes

dga
45urhm0ldgxb.live

gx6xly9rp6vl.live

zv46ga4ntybq.live

7n1hfolmrnbl.live

vivh2xlt9i6q.live

97t3nh4kk510.live

kbkdtwucfl40.live

qk6a1ahb63uz.live

whko7loy7h5z.live

dad1zg44n0bn.live

7xwz4hw8dts9.live

ovekd5n3gklq.live

amwnef8mjo4v.live

e7ivqfhnss0x.live

rjql4nicl6bg.live

4mo318kk29i4.live

zpo18lm8vg1x.live

jc51pt290y0n.live

rg26t2dc4hf4.live

qw9a58vunuja.live

ugm94zjzl5nl.live

mckag832orba.live

pdw0v9voxlxr.live

m4tx2apfmoxo.live

n2uc737ef71m.live

hkk3112645hz.live

ugko9g5ipa4o.live

8wgq2x4dybx9.live

h81fx7sj8srr.live

a4tgoqi1cm8x.live

kse2q7uxyrwp.live

mfwnbxvt9qme.live

x99ahfftf28l.live

9n6bmko47gxe.live

6l96lk6edlyf.live

st5j8zqdrppf.live

dxjeucbj4p0j.live

bnpuxnov7lhr.live

a8bxv8lqe1m0.live

yczi2ujcyyro.live

sbeo0cztn1kh.live

o337yf9fh4bf.live

zoki7ma89z7b.live

x2r9bglz76r7.live

wi1w9yu1vush.live

mtqdvzkai700.live

r6o2sj70m85m.live

ut6qohwra5lm.live

9yi98fh7usy1.live

kkpjp9jzbzba.live

whvffwd7zphw.live

uztmazsno4y5.live

i3iubj73c21c.live

b72o02l2ilc6.live

wom4o4cutfx6.live

fek3qya20lid.live

nhkvd56j82xw.live

midyxlu6b22f.live

vp9c9rziba2a.live

rkffupb7i1gv.live

8u7r35mu2e4g.live

3c2xflq8mztc.live

wswis3sptby1.live

9rib57u1zu3c.live

sv3pldc5gkdl.live

bmdcn5celetq.live

y3mpywhmem7t.live

avwtkc23ffmw.live

nvgirtryox1z.live

3rlfa7w0bz37.live

vy9u47oyzltu.live

ysdwk0l8xass.live

tbt0aqol3sp2.live

xqqoo0a8zk0w.live

nevkq7lku38l.live

5u42wjin0vfz.live

y626kbnryktm.live

5k9b8nmc0x8r.live

i18t3jshekua.live

4hk1bcnxbse0.live

si00bu9fv5he.live

g3in90m5caz2.live

f6s4n6w41oov.live

sgl7og2qswmm.live

vrrbk7ykz8h1.live

zl7bmlfq8n9w.live

qydstwmw2imy.live

y9s73mnvurxr.live

7zggkh833im1.live

cvnsiogvl3kt.live

enf3gev34gis.live

doj6z5i9g803.live

zsm954jr5ek4.live

6z96z4mk84dc.live

e0et68offggh.live

au97foecnlrm.live

3ibjpmls5x46.live

mmmpa1byo300.live

3e60zvd64d8y.live

zt3nnzr70hn0.live
dga_seed
7834006444057268685
domain_length
12
num_dga_domains
300
port
443

rc4.plain

Targets

- Target
  
  Acrobat_DC_x64_VIP_v10.12.msi
- Size
  
  2.7MB
- MD5
  
  b9632555b2c19b9182cab9c098c22d8e
- SHA1
  
  100d612540c51413141f52c3888114cddb76e9a0
- SHA256
  
  1164b944f47a9701ddd682f59c60425faed350647e3f9e562e1abc140a89c7f2
- SHA512
  
  b90b26af09115c4ad37f5cb40135de51835ccffbd666168934062fb587a9111fa535e21c1e231aed76a5e871d63a9f71b686367defed3d584f6d76f75e5acb52
- SSDEEP
  
  49152:/O05mqQDiCjwnwVv+i2MF/NtSftHFDSy4dx21N+NfSf/wXoCBBUQZcUJ8+mp3gi/:/rABiCjwnwVmGF1t6R1j4dx8Njf/w4C2
Score

10^/10

bumblebee 138704 discovery loader persistence privilege_escalation upx
- BumbleBee
  BumbleBee is a loader malware written in C++.
  loader bumblebee
- Bumblebee family
  bumblebee
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2