General

  • Target

    Acrobat_DC_x64_VIP_v10.12.msi

  • Size

    2.7MB

  • Sample

    241122-ec649atpcv

  • MD5

    b9632555b2c19b9182cab9c098c22d8e

  • SHA1

    100d612540c51413141f52c3888114cddb76e9a0

  • SHA256

    1164b944f47a9701ddd682f59c60425faed350647e3f9e562e1abc140a89c7f2

  • SHA512

    b90b26af09115c4ad37f5cb40135de51835ccffbd666168934062fb587a9111fa535e21c1e231aed76a5e871d63a9f71b686367defed3d584f6d76f75e5acb52

  • SSDEEP

    49152:/O05mqQDiCjwnwVv+i2MF/NtSftHFDSy4dx21N+NfSf/wXoCBBUQZcUJ8+mp3gi/:/rABiCjwnwVmGF1t6R1j4dx8Njf/w4C2

Malware Config

Extracted

Family

bumblebee

Botnet

138704

Attributes
  • dga

    45urhm0ldgxb.live

    gx6xly9rp6vl.live

    zv46ga4ntybq.live

    7n1hfolmrnbl.live

    vivh2xlt9i6q.live

    97t3nh4kk510.live

    kbkdtwucfl40.live

    qk6a1ahb63uz.live

    whko7loy7h5z.live

    dad1zg44n0bn.live

    7xwz4hw8dts9.live

    ovekd5n3gklq.live

    amwnef8mjo4v.live

    e7ivqfhnss0x.live

    rjql4nicl6bg.live

    4mo318kk29i4.live

    zpo18lm8vg1x.live

    jc51pt290y0n.live

    rg26t2dc4hf4.live

    qw9a58vunuja.live

    ugm94zjzl5nl.live

    mckag832orba.live

    pdw0v9voxlxr.live

    m4tx2apfmoxo.live

    n2uc737ef71m.live

    hkk3112645hz.live

    ugko9g5ipa4o.live

    8wgq2x4dybx9.live

    h81fx7sj8srr.live

    a4tgoqi1cm8x.live

  • dga_seed

    7834006444057268685

  • domain_length

    12

  • num_dga_domains

    300

  • port

    443

rc4.plain

Targets

    • Target

      Acrobat_DC_x64_VIP_v10.12.msi

    • Size

      2.7MB

    • MD5

      b9632555b2c19b9182cab9c098c22d8e

    • SHA1

      100d612540c51413141f52c3888114cddb76e9a0

    • SHA256

      1164b944f47a9701ddd682f59c60425faed350647e3f9e562e1abc140a89c7f2

    • SHA512

      b90b26af09115c4ad37f5cb40135de51835ccffbd666168934062fb587a9111fa535e21c1e231aed76a5e871d63a9f71b686367defed3d584f6d76f75e5acb52

    • SSDEEP

      49152:/O05mqQDiCjwnwVv+i2MF/NtSftHFDSy4dx21N+NfSf/wXoCBBUQZcUJ8+mp3gi/:/rABiCjwnwVmGF1t6R1j4dx8Njf/w4C2

    • BumbleBee

      BumbleBee is a loader malware written in C++.

    • Bumblebee family

    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks