Resubmissions

02-12-2024 11:16

241202-ndkr3sxpdq 10

29-11-2024 12:55

241129-p5775awnhv 10

General

  • Target

    d9060dfa2592d33946220f9a80864f50d11f680ba5f7774e81fc43879a848c60.zip

  • Size

    727KB

  • Sample

    241129-p5775awnhv

  • MD5

    6e9fde86f1ebc90f06cb984651d843e5

  • SHA1

    5dbf7d3fe3245045827a3daf9ae31bdd0f44195c

  • SHA256

    dbe4bfcec54587629aff611def62a726d0faae2ac3d1603b10b2bb477eb358e3

  • SHA512

    7119efad08b396bfabe6051cb3f7687617fda9c33c2fd9f1aa3393ea32b5fb4d329fdce75e686d684a67dfedc80871f8b9a86a932a66e2369df75d9f92fddde9

  • SSDEEP

    12288:lbqn8OCcQ3d8MEZTb2YuX9/1QBD8I8+GfRwIdf4q+1/Rw38+FSRPD7bqCafFPCjh:McdbEZTiYAAc+u1fMNO3D4PnbsfM

Score
10/10

Malware Config

Extracted

Family

bumblebee

Botnet

0411

C2

192.119.120.146:443

54.37.131.10:443

146.70.139.252:443

rc4.plain

Targets

    • Target

      DKyVKmgVSvviRl.bat

    • Size

      1KB

    • MD5

      a3278817a228bfe014efa23c1f5ea606

    • SHA1

      577b3550e9fae158aa5020c0e2eec4159657b261

    • SHA256

      b00a6c38740aece0bf52e3ae04523ed03009908353709de8463580bb628c2c1e

    • SHA512

      c74a1feac03c9a0cf7d9e53547cde5df06bafdde73d1bf1f289c42c9deb23c269f6a732a3de095e4f579b320adc7cd18568565c437f4d1b8db0ec3d2aedd269e

    Score
    10/10
    • BumbleBee

      BumbleBee is a loader malware written in C++.

    • Bumblebee family

    • Blocklisted process makes network request

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Target

      aMLjTIhBvevLGx.dll

    • Size

      997KB

    • MD5

      59dc887601cbaaead82bfe63e5e38340

    • SHA1

      77f4828ed6eaf990c2d3e50c0b6f041519d52a2d

    • SHA256

      54752a51b0024f0cf90d7cab52f97cc7798fd5bda8e03b9ade44ee45638dbe8e

    • SHA512

      041fb2a37793630683cdfbe7538fc6a44d4550a21b67df3b24147d72001d01d3898c79db210311aebd913854cb3647de23b2599e945a9ef3004906c68bf0d714

    • SSDEEP

      24576:gOaBNP2MOnriAaG4tmHjf6wv2nybJpxm9EsYqdwu:gOaH2MOrf/4tQ3J7mcq

    Score
    1/10
    • Target

      details.lnk

    • Size

      995B

    • MD5

      318e9e89ec41466076292116a0e97880

    • SHA1

      74a79d98c63ecb86c69bcd0346a346f1e4f85626

    • SHA256

      ea1d322b8acea3e0d92846895391f96123f54fa1eb641b42a29ddd4b856b3065

    • SHA512

      45151567ff4a7b810ebb6995c09038c06cc1dad08dc197a02ae2a705e46bcafeb3a080a706a39f5b272d3b88332c3524ebbc7c4bc7f1bb4e32a09c859e4aee18

    Score
    10/10
    • BumbleBee

      BumbleBee is a loader malware written in C++.

    • Bumblebee family

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of NtCreateThreadExHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks