bumblebee | d1ed15a69c112b048936201fe8e816828346168cf02838086d89843a4041b94b | Triage

Sharing

General

Target

d4a1f8bfa09c151163399befc009d4d1e39b2c8adaff3489d9bd31965fc56910.zip
Size

612KB
Sample

250207-w8etbasles
MD5

025c9de4d61f8c8d8184c2a273704857
SHA1

c8ed068f1a79ca4143a0ffb1e7721380a0c48f97
SHA256

d1ed15a69c112b048936201fe8e816828346168cf02838086d89843a4041b94b
SHA512

e6181f501cbc5acf05274ac47dd7be6aae6c18805438de967f35a30ece042680aef9005b97f6b30d1fa30eb737b0958a6ca6fbcb4450604babb9c0b4e146926b
SSDEEP

12288:uOxu4a8Vx+nsHER1jJ1P3Gx0i1wYNjj9BUPeactCY:uOwcx4sM1jJ1PWxTBdj9AU

Score

10^/10

bumblebee mc1905 discovery

Malware Config

Extracted

Family

bumblebee

Botnet

mc1905

C2

92.119.178.40:443

32.54.188.44:443

194.135.33.160:443

192.198.82.59:443

103.175.16.151:443

rc4.plain

Targets

- Target
  
  d4a1f8bfa09c151163399befc009d4d1e39b2c8adaff3489d9bd31965fc56910
- Size
  
  1.3MB
- MD5
  
  7776efe8ac7d8b3b6c27f4ba8e7b1545
- SHA1
  
  edb2bba906cf50d19338a1c8333e67e5f4cddee9
- SHA256
  
  d4a1f8bfa09c151163399befc009d4d1e39b2c8adaff3489d9bd31965fc56910
- SHA512
  
  89906fe0afc8714b3757dd1d6c0e5fa6701bc2581831c0efeb5f33bcf06fbae2d160d6f17118866f0bcc7081de532dec57f44f29777a77cbef0b27fda29e6b82
- SSDEEP
  
  24576:LO2dVaRrhSk8Bhwm2z8f6ZzoIo9Zx/f9FwwxlXwFU8Ygbi:wrEk8wm2Yf6Zdo9Zx/nrxRR8F+
Score

8^/10

discovery
- Downloads MZ/PE file
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

mc1905bumblebee

behavioral1

behavioral2