Overview

overview

10

Static

static

3

38f8f20eae...bc.pdf

windows10-2004-x64

10

Resubmissions

06-12-2024 10:33

241206-mlpwbssrct 10

06-12-2024 10:28

241206-mh1tessqbs 8

06-12-2024 02:25

241206-cwfeja1mgn 3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    38f8f20eae06e575938ffbeb64e31c9310e8c0ab50a2bc231f3aa9777abc3dbc.pdf

  • Size

    16KB

  • Sample

    241206-mlpwbssrct

  • MD5

    e51378e49d1aa79ce88c018d748a186c

  • SHA1

    d2e31a96af911a0cf932ec860ce839e254fbd5c8

  • SHA256

    38f8f20eae06e575938ffbeb64e31c9310e8c0ab50a2bc231f3aa9777abc3dbc

  • SHA512

    0f28b75712bcc9307e8bfe0b9c692cf1f582c957a718dde3eed7485c4e050075ef45ad49f57ade1536ac6b4c6418a26656318bc630156936892fd2c999fa0604

  • SSDEEP

    384:9q3MsrhjEN4gQ3micNexY27IEPCUSkSaHTeOHAgJlATCUSN:9q3prh04d2aFU2dHTDHv62

Score
10/10
bumblebee1discoveryexecutionlinkloadermotwpdfphishing

Malware Config

Extracted

Family

bumblebee

Botnet

1

Attributes
  • dga

    45urhm0ldgxb.live

    gx6xly9rp6vl.live

    zv46ga4ntybq.live

    7n1hfolmrnbl.live

    vivh2xlt9i6q.live

    97t3nh4kk510.live

    kbkdtwucfl40.live

    qk6a1ahb63uz.live

    whko7loy7h5z.live

    dad1zg44n0bn.live

    7xwz4hw8dts9.live

    ovekd5n3gklq.live

    amwnef8mjo4v.live

    e7ivqfhnss0x.live

    rjql4nicl6bg.live

    4mo318kk29i4.live

    zpo18lm8vg1x.live

    jc51pt290y0n.live

    rg26t2dc4hf4.live

    qw9a58vunuja.live

    ugm94zjzl5nl.live

    mckag832orba.live

    pdw0v9voxlxr.live

    m4tx2apfmoxo.live

    n2uc737ef71m.live

    hkk3112645hz.live

    ugko9g5ipa4o.live

    8wgq2x4dybx9.live

    h81fx7sj8srr.live

    a4tgoqi1cm8x.live

  • dga_seed

    7834006444057268685

  • domain_length

    12

  • num_dga_domains

    300

  • port

    443

rc4.plain

Targets

    • Target

      38f8f20eae06e575938ffbeb64e31c9310e8c0ab50a2bc231f3aa9777abc3dbc.pdf

    • Size

      16KB

    • MD5

      e51378e49d1aa79ce88c018d748a186c

    • SHA1

      d2e31a96af911a0cf932ec860ce839e254fbd5c8

    • SHA256

      38f8f20eae06e575938ffbeb64e31c9310e8c0ab50a2bc231f3aa9777abc3dbc

    • SHA512

      0f28b75712bcc9307e8bfe0b9c692cf1f582c957a718dde3eed7485c4e050075ef45ad49f57ade1536ac6b4c6418a26656318bc630156936892fd2c999fa0604

    • SSDEEP

      384:9q3MsrhjEN4gQ3micNexY27IEPCUSkSaHTeOHAgJlATCUSN:9q3prh04d2aFU2dHTDHv62

    Score
    10/10
    bumblebee1discoveryexecutionloadermotwphishing

    • BumbleBee

      BumbleBee is a loader malware written in C++.

      loaderbumblebee

    • Bumblebee family

      bumblebee

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Powershell Invoke Web Request.

      execution

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Mark of the Web detected: This indicates that the page was originally saved or cloned.

      phishingmotw
    behavioral1

MITRE ATT&CK Enterprise v15

Tasks