General
-
Target
834875b1149dde2148145b28f379c37235d4eb9671ddaeb7722b7c0e75c2aca9.msi
-
Size
5.3MB
-
Sample
250310-p21nwavpw5
-
MD5
b6a96e71ad5c0f9b96b2f1d7021e4e09
-
SHA1
73eabaad78c61de825ed0c8bec9e3b81f5568dbd
-
SHA256
834875b1149dde2148145b28f379c37235d4eb9671ddaeb7722b7c0e75c2aca9
-
SHA512
bff28c1b4b7e3ca6dbfdf44203bb06c0872e5b2e29eceea39f1669afc783527be40460d73d50ea1a9cee9583c8fd538f5b14f3481aa42cca1e0bef9da9c8a800
-
SSDEEP
98304:/Hrk3bVI2OzboNeQBWkl43yRev9CcTnuKLFKcwD8OfL4vWmCP82wajDOOInENX:jsq5zboN6F9BLuuKcxOfL4vW225jDOO/
Static task
static1
Behavioral task
behavioral1
Sample
834875b1149dde2148145b28f379c37235d4eb9671ddaeb7722b7c0e75c2aca9.msi
Resource
win11-20250217-en
Malware Config
Extracted
bumblebee
10111
-
dga
-
dga_seed
7827833623176771557
-
domain_length
11
-
num_dga_domains
300
-
port
443
-
tld
.click
Targets
-
-
Target
834875b1149dde2148145b28f379c37235d4eb9671ddaeb7722b7c0e75c2aca9.msi
-
Bumblebee family
-
Blocklisted process makes network request
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-