General

  • Target: 73ed8e7786da9b099e869fb6c8ac19dd3c223a8fb7d577b8f8be364b641da13b
  • Size: 2.7MB
  • Sample: 241125-x5bg6askct
  • MD5: 45b5b0eb4752e4cc15787a54f80c46d6
  • SHA1: d72b607248445b2f92599d671fd8d9c056d3cea6
  • SHA256: 73ed8e7786da9b099e869fb6c8ac19dd3c223a8fb7d577b8f8be364b641da13b
  • SHA512: 56b7c17a551ff3cf49f7484410e6b36255d0e5a1a57ea8d4957e988987e8d57d8c3b8f36f0f6116e79752024d036690e6c5df53ce48e16f7e653e1e1aef3cb53
  • SSDEEP: 49152:SO05mqQDiCjwnwVv+i2MF/NtSftHFDSy4dx21N+NfSf/wXoCBBUQZcUJ8+mp3giM:SrABiCjwnwVmGF1t6R1j4dx8Njf/w4Cv

Malware Config

Extracted

Family: bumblebee
Botnet: 138704

Attributes
  • dga

  • dga_seed: 7834006444057268685
  • domain_length: 12
  • num_dga_domains: 300
  • port: 443

rc4.plain

Targets

    • Target: FILE_InstallMeAny
    • Size: 1.4MB
    • MD5: e4e96d377207c990295577e0ebd93f79
    • SHA1: 6c6ed98b484f8a1a145ebe7d900df36fb4abc931
    • SHA256: ac6311039d5bfe719198c15577d3ee870185529f9510f5c0ddc066f1c8d8c462
    • SHA512: 3db14a6f3dfa2e2768b1c25a65bc6f48c5dc763d80fee576cd7d0b21f3ecdcd25c0096b10c947f6b24999c23df75709604a4dc0fd1d894cdb1b9a556e1e6eaf7
    • SSDEEP: 24576:8c+ApDgcz6SWzMi+6iulvI4rTUJOH/akEElC80FN3kxZP+xzkc3ET:8k/SWslrroJOfrEN80moxzr3c

    Score: 5/10
    • UPX packed file
      Detects executables packed with UPX/modified UPX open source packer.

    • Target: FILE_InstallMeExe
    • Size: 2.3MB
    • MD5: 3cf367e01d074e622e14c36fe1685c0a
    • SHA1: f9b347b843f438564e606a7d3e273659e0fb7cc7
    • SHA256: 2cb0aea0f3dfe49b99f5f7a0e6f6020413c916e4a21d05d2df1cca3de3e7e91d
    • SHA512: 4033d7e17e673ec67947367fed5f5992d578b61a0da0d24743d03ab0e1bf17f26bce7f80d5b0d23f87736e3d8c429fd4420bec708c295d81d125700bbf4ab3a9
    • SSDEEP: 24576:04MRPjr8C5Gi0v4/bplKYFhoFA496+Se7dwSWt+0zvhsCIA8A3RmzlQ68:2Rfr/bqM2XpWAWJ8MKlQ

    Score: 10/10
    • BumbleBee
      BumbleBee is a loader malware written in C++.
    • Bumblebee family
    • Looks up external IP address via web service
      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks