http://downloads.bablosoft.com/distr/FastExecuteScriptProtected64/25.4.1/FastExecuteScriptProtected.x64.zip

bablosoft.com(51.38.126.82)
downloads.bablosoft.com(54.37.204.238)
54.37.204.238
51.38.126.82

ET INFO Browser Automation Toolkit in DNS Lookup (bablosoft .com)
ET MALWARE Observed DNS Query to bablosoft Domain (downloads .bablosoft .com)
ET INFO Browser Automation Toolkit in TLS SNI (bablosoft .com)
ET INFO Observed Bablosoft BAS Related SSL Cert (bablosoft .com)

0xtmu3tz.life()
6xhpschv.life()
luw8ubf2.life(85.17.31.82)
zefawfb0.life(94.131.9.114)
n64c2akw.life(5.79.71.225)
6o26tws0.life()
3nmeg5wa.life()
r5ue5rok.life()
37zi55wc.life()
aqnx9c9h.life()
4huoqrsp.life()
dph3pby8.life(192.71.249.220)
et53yjoc.life()
rbvsf6io.life()
1qa3k743.life(85.17.31.82)
hx0hysyg.life(185.248.144.178)
8qwcvseh.life()
i9f44mju.life()
tvgco82h.life()
5.79.71.205 - suspicious

ET INFO Observed DNS Query to .life TLD
ET MALWARE Win32/Bumblebee Loader Checkin Activity