The Hidden Bee infection chain, part 1: the stegano pack | Malwarebytes Labs
Tags
maec-delivery-vectors: Watering Hole
attack-pattern: Data Model; Dns - T1071.004; Dns - T1590.002; Javascript - T1059.007; Malware - T1587.001; Malware - T1588.001; Server - T1583.004; Server - T1584.004; Hypervisor - T1062
Common Information
Type | Value |
---|---|
UUID | c5d8d731-4732-4f84-aebe-253e9f665bdb |
Fingerprint | 2e2304300cb505d1 |
Analysis status | DONE |
Considered CTI value | 2 |
Text language | |
Published | Aug. 15, 2019, midnight |
Added to db | Sept. 26, 2022, 9:30 a.m. |
Last updated | Nov. 17, 2024, 6:55 p.m. |
Headline | The Hidden Bee infection chain, part 1: the stegano pack |
Title | The Hidden Bee infection chain, part 1: the stegano pack | Malwarebytes Labs |
Detected Hints/Tags/Attributes | 46/2/43 |
Attributes
Type | #Events | Value |
---|---|---|
CVE | 24 | cve-2015-5122 |
Domain | 42 | com.google |
Domain | 1 | dns.howtocom.site |
Domain | 1 | bbs.favcom.space |
File | 263 | iexplore.exe |
File | 172 | dllhost.exe |
File | 2 | captcha.png |
File | 1 | movies.swf |
File | 11 | config.cfg |
File | 146 | wininet.dll |
File | 16 | cabinet.dll |
File | 3 | wiki.php |
File | 1 | q5ul78uv4b4q8bg8d95canrsns.jpg |
File | 1 | minimal.bin |
File | 6 | setup.bin |
File | 13 | devenv.exe |
File | 71 | wireshark.exe |
File | 26 | vmacthlp.exe |
File | 74 | procmon.exe |
File | 40 | ollydbg.exe |
File | 11 | idag.exe |
File | 11 | immunitydebugger.exe |
File | 35 | windbg.exe |
File | 1 | ehsniffer.exe |
File | 4 | iris.exe |
File | 64 | procexp.exe |
File | 29 | filemon.exe |
File | 24 | fiddler.exe |
File | 748 | kernel32.dll |
File | 533 | ntdll.dll |
File | 7 | coredll.bin |