bumblebee

General

Target

f82d15eed385a7a913b98a28bce9b27a7e3611e1c0c4d9fa65741d3fdd76d23c.msi
Size

85.7MB
Sample

250205-e38e1a1pbm
MD5

bf866d9b4395b3c819a4cd3fd639c412
SHA1

79b7f01af68b13036a493e25c83d80457a654c4c
SHA256

f82d15eed385a7a913b98a28bce9b27a7e3611e1c0c4d9fa65741d3fdd76d23c
SHA512

8c80f7d86d8b4df1c73b2da3cecd09f02a28b57edcf3e2597e874e549ff7cf183acb644a731ed95fb29aeea3334fc72d9144f536ad7e4868b6eec63a4bd83e13
SSDEEP

1572864:BWVw9CW/3bB1B68jRGRdJFqisNA6IwEU7dwq3LnEpF2UOrZ+c4CGFyzodK2aZq9:BW5SrB6uRG6iQIu5LEzVON+vCjVY

Score

10^/10

bumblebee 2 discovery loader persistence privilege_escalation

Malware Config

Extracted

Family

bumblebee

Botnet

2

Attributes

dga
45urhm0ldgxb.live

gx6xly9rp6vl.live

zv46ga4ntybq.live

7n1hfolmrnbl.live

vivh2xlt9i6q.live

97t3nh4kk510.live

kbkdtwucfl40.live

qk6a1ahb63uz.live

whko7loy7h5z.live

dad1zg44n0bn.live

7xwz4hw8dts9.live

ovekd5n3gklq.live

amwnef8mjo4v.live

e7ivqfhnss0x.live

rjql4nicl6bg.live

4mo318kk29i4.live

zpo18lm8vg1x.live

jc51pt290y0n.live

rg26t2dc4hf4.live

qw9a58vunuja.live

ugm94zjzl5nl.live

mckag832orba.live

pdw0v9voxlxr.live

m4tx2apfmoxo.live

n2uc737ef71m.live

hkk3112645hz.live

ugko9g5ipa4o.live

8wgq2x4dybx9.live

h81fx7sj8srr.live

a4tgoqi1cm8x.live

kse2q7uxyrwp.live

mfwnbxvt9qme.live

x99ahfftf28l.live

9n6bmko47gxe.live

6l96lk6edlyf.live

st5j8zqdrppf.live

dxjeucbj4p0j.live

bnpuxnov7lhr.live

a8bxv8lqe1m0.live

yczi2ujcyyro.live

sbeo0cztn1kh.live

o337yf9fh4bf.live

zoki7ma89z7b.live

x2r9bglz76r7.live

wi1w9yu1vush.live

mtqdvzkai700.live

r6o2sj70m85m.live

ut6qohwra5lm.live

9yi98fh7usy1.live

kkpjp9jzbzba.live

whvffwd7zphw.live

uztmazsno4y5.live

i3iubj73c21c.live

b72o02l2ilc6.live

wom4o4cutfx6.live

fek3qya20lid.live

nhkvd56j82xw.live

midyxlu6b22f.live

vp9c9rziba2a.live

rkffupb7i1gv.live

8u7r35mu2e4g.live

3c2xflq8mztc.live

wswis3sptby1.live

9rib57u1zu3c.live

sv3pldc5gkdl.live

bmdcn5celetq.live

y3mpywhmem7t.live

avwtkc23ffmw.live

nvgirtryox1z.live

3rlfa7w0bz37.live

vy9u47oyzltu.live

ysdwk0l8xass.live

tbt0aqol3sp2.live

xqqoo0a8zk0w.live

nevkq7lku38l.live

5u42wjin0vfz.live

y626kbnryktm.live

5k9b8nmc0x8r.live

i18t3jshekua.live

4hk1bcnxbse0.live

si00bu9fv5he.live

g3in90m5caz2.live

f6s4n6w41oov.live

sgl7og2qswmm.live

vrrbk7ykz8h1.live

zl7bmlfq8n9w.live

qydstwmw2imy.live

y9s73mnvurxr.live

7zggkh833im1.live

cvnsiogvl3kt.live

enf3gev34gis.live

doj6z5i9g803.live

zsm954jr5ek4.live

6z96z4mk84dc.live

e0et68offggh.live

au97foecnlrm.live

3ibjpmls5x46.live

mmmpa1byo300.live

3e60zvd64d8y.live

zt3nnzr70hn0.live
dga_seed
7834006444057268685
domain_length
12
num_dga_domains
300
port
443

rc4.plain

Targets

- Target
  
  f82d15eed385a7a913b98a28bce9b27a7e3611e1c0c4d9fa65741d3fdd76d23c.msi
- Size
  
  85.7MB
- MD5
  
  bf866d9b4395b3c819a4cd3fd639c412
- SHA1
  
  79b7f01af68b13036a493e25c83d80457a654c4c
- SHA256
  
  f82d15eed385a7a913b98a28bce9b27a7e3611e1c0c4d9fa65741d3fdd76d23c
- SHA512
  
  8c80f7d86d8b4df1c73b2da3cecd09f02a28b57edcf3e2597e874e549ff7cf183acb644a731ed95fb29aeea3334fc72d9144f536ad7e4868b6eec63a4bd83e13
- SSDEEP
  
  1572864:BWVw9CW/3bB1B68jRGRdJFqisNA6IwEU7dwq3LnEpF2UOrZ+c4CGFyzodK2aZq9:BW5SrB6uRG6iQIu5LEzVON+vCjVY
Score

10^/10

bumblebee 2 discovery loader persistence privilege_escalation
- BumbleBee
  BumbleBee is a loader malware written in C++.
  loader bumblebee
- Bumblebee family
  bumblebee
- Adds Run key to start application
  persistence
- Blocklisted process makes network request
- Downloads MZ/PE file
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Event Triggered Execution: Image File Execution Options Injection
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
behavioral1 behavioral2