Malware updated 15 days ago (2024-11-29T13:51:02.041Z)
Bubblewrap is a malware that was observed being uploaded by the admin@338 threat group to their Dropbox account. It is a second-stage backdoor that can communicate over HTTP, HTTPS, or a SOCKS proxy and is configured to run when the system boots. The admin@338 group has previously been seen using Bubblewrap, and uses a first-stage malware called LOWBALL to collect information about targets of interest before delivering the second stage.
The particular Bubblewrap sample analyzed connected to the CnC domain accounts.serveftp[.]com, which resolved to an IP address the group had used previously but that had been inactive for some time before this recent activity. On execution, the malware uses a specific command to rename a file to audiodg.exe and start it, and also collects system information and downloads data from the D: drive. Bubblewrap is a dangerous malware that can steal personal information from infected systems and disrupt operations.
Individuals and organizations should protect their systems from malware such as Bubblewrap by avoiding suspicious downloads, emails, and websites, and by keeping antivirus software up to date. Backing up important data is also recommended to minimize the impact of a potential malware attack.
Description last updated: 2023-06-23T18:19:48.160Z
Aliases: none currently tracked
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Source Document References
Information about the BUBBLEWRAP malware was read from the documents corpus below (display limited to 20 results).