bumblebee

General

Target

bb.bin
Size

1.1MB
Sample

220817-2kmf5sgfg9
MD5

da6feac8dff2a44784be3d078f2d4ac3
SHA1

c0f43d1d3e87b0e8b86b4b9e91cb55b4a1893b48
SHA256

9bd9da44cc2d259b8c383993e2e05bbe1bcdac917db563b94e824b4b1628e87c
SHA512

920b1ae2a1b33d7e6ece0524ced736ec0c03a8a8b6dea6efb6496ea429195d65cdd854879c62f6c17301613baa2d884199c5f197ef98610b330ef0d1e605980f
SSDEEP

24576:MYma2+MNU4NemNEfD/1npU9vsxR1RVOFRBDHn7:8NUxmOfD/1nyidRVOnBDHn

Score

10^/10

Malware Config

Extracted

Family

bumblebee

rc4.plain

Extracted

Family

bumblebee

Botnet

1608

C2

121.170.127.19:425

218.133.76.148:154

72.121.117.129:498

162.96.106.119:383

25.224.94.213:269

82.155.216.93:249

139.77.66.126:493

108.174.194.151:443

35.139.238.97:273

73.29.113.233:420

51.77.41.66:443

235.148.133.249:357

95.169.164.122:281

148.139.101.182:193

165.129.149.198:473

62.210.69.227:117

226.38.28.172:414

232.222.204.156:299

235.200.212.246:168

132.252.111.96:215

rc4.plain

Targets

- Target
  
  bb.bin
- Size
  
  1.1MB
- MD5
  
  da6feac8dff2a44784be3d078f2d4ac3
- SHA1
  
  c0f43d1d3e87b0e8b86b4b9e91cb55b4a1893b48
- SHA256
  
  9bd9da44cc2d259b8c383993e2e05bbe1bcdac917db563b94e824b4b1628e87c
- SHA512
  
  920b1ae2a1b33d7e6ece0524ced736ec0c03a8a8b6dea6efb6496ea429195d65cdd854879c62f6c17301613baa2d884199c5f197ef98610b330ef0d1e605980f
- SSDEEP
  
  24576:MYma2+MNU4NemNEfD/1npU9vsxR1RVOFRBDHn7:8NUxmOfD/1nyidRVOnBDHn
Score

10^/10

bumblebee 1608 trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Suspicious use of NtCreateThreadExHideFromDebugger

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2