General
-
Target
d9060dfa2592d33946220f9a80864f50d11f680ba5f7774e81fc43879a848c60.zip
-
Size
727KB
-
Sample
241129-p5775awnhv
-
MD5
6e9fde86f1ebc90f06cb984651d843e5
-
SHA1
5dbf7d3fe3245045827a3daf9ae31bdd0f44195c
-
SHA256
dbe4bfcec54587629aff611def62a726d0faae2ac3d1603b10b2bb477eb358e3
-
SHA512
7119efad08b396bfabe6051cb3f7687617fda9c33c2fd9f1aa3393ea32b5fb4d329fdce75e686d684a67dfedc80871f8b9a86a932a66e2369df75d9f92fddde9
-
SSDEEP
12288:lbqn8OCcQ3d8MEZTb2YuX9/1QBD8I8+GfRwIdf4q+1/Rw38+FSRPD7bqCafFPCjh:McdbEZTiYAAc+u1fMNO3D4PnbsfM
Static task
static1
Behavioral task
behavioral1
Sample
DKyVKmgVSvviRl.bat
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
DKyVKmgVSvviRl.bat
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
aMLjTIhBvevLGx.dll
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
aMLjTIhBvevLGx.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral5
Sample
details.lnk
Resource
win7-20240903-en
Malware Config
Extracted
bumblebee
0411
192.119.120.146:443
54.37.131.10:443
146.70.139.252:443
Targets
-
-
Target
DKyVKmgVSvviRl.bat
-
Size
1KB
-
MD5
a3278817a228bfe014efa23c1f5ea606
-
SHA1
577b3550e9fae158aa5020c0e2eec4159657b261
-
SHA256
b00a6c38740aece0bf52e3ae04523ed03009908353709de8463580bb628c2c1e
-
SHA512
c74a1feac03c9a0cf7d9e53547cde5df06bafdde73d1bf1f289c42c9deb23c269f6a732a3de095e4f579b320adc7cd18568565c437f4d1b8db0ec3d2aedd269e
-
Bumblebee family
-
Blocklisted process makes network request
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
-
-
Target
aMLjTIhBvevLGx.dll
-
Size
997KB
-
MD5
59dc887601cbaaead82bfe63e5e38340
-
SHA1
77f4828ed6eaf990c2d3e50c0b6f041519d52a2d
-
SHA256
54752a51b0024f0cf90d7cab52f97cc7798fd5bda8e03b9ade44ee45638dbe8e
-
SHA512
041fb2a37793630683cdfbe7538fc6a44d4550a21b67df3b24147d72001d01d3898c79db210311aebd913854cb3647de23b2599e945a9ef3004906c68bf0d714
-
SSDEEP
24576:gOaBNP2MOnriAaG4tmHjf6wv2nybJpxm9EsYqdwu:gOaH2MOrf/4tQ3J7mcq
Score1/10 -
-
-
Target
details.lnk
-
Size
995B
-
MD5
318e9e89ec41466076292116a0e97880
-
SHA1
74a79d98c63ecb86c69bcd0346a346f1e4f85626
-
SHA256
ea1d322b8acea3e0d92846895391f96123f54fa1eb641b42a29ddd4b856b3065
-
SHA512
45151567ff4a7b810ebb6995c09038c06cc1dad08dc197a02ae2a705e46bcafeb3a080a706a39f5b272d3b88332c3524ebbc7c4bc7f1bb4e32a09c859e4aee18
-
Bumblebee family
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of NtCreateThreadExHideFromDebugger
-