bumblebee

General

Target

bumblebeepayload.txt
Size

1.1MB
Sample

220824-z2pxgscah9
MD5

1b83c062f95066dbbb9a11e10dbef1da
SHA1

13d59b078eb8e200ea398038550441cd5a844c8a
SHA256

1b26c2a0a53fb807a0decf7118704ca03a1eb1728e29c4f84f9886ca8ab1f021
SHA512

5b2bc43dbf0d06570739081413e3e46d5d2012eaef9ce71f04b53aeff6eccb826c74d7cc3724fd158ad5cd738441091ea09087056cd06c21358986c8973626e7
SSDEEP

24576:S5gRQXtgtB3gieIBOf0OU9Zx/vqqsgy2Ye5hnw49Q:0etB7PBOf0F9Zx/9/y2YG9w

Score

10^/10

Malware Config

Extracted

Family

bumblebee

rc4.plain

Extracted

Family

bumblebee

Botnet

2408

C2

108.30.109.238:341

107.21.49.73:412

212.227.199.94:119

26.88.252.40:148

217.243.85.139:190

50.20.147.145:346

115.58.47.223:480

150.158.205.226:428

222.132.86.189:463

112.102.174.20:379

94.49.121.33:341

131.233.140.11:104

85.118.251.137:412

183.89.9.91:295

219.98.254.216:386

33.218.244.230:266

29.167.160.212:332

78.193.54.213:166

86.214.84.193:173

98.206.43.235:371

rc4.plain

Targets

- Target
  
  bumblebeepayload.txt
- Size
  
  1.1MB
- MD5
  
  1b83c062f95066dbbb9a11e10dbef1da
- SHA1
  
  13d59b078eb8e200ea398038550441cd5a844c8a
- SHA256
  
  1b26c2a0a53fb807a0decf7118704ca03a1eb1728e29c4f84f9886ca8ab1f021
- SHA512
  
  5b2bc43dbf0d06570739081413e3e46d5d2012eaef9ce71f04b53aeff6eccb826c74d7cc3724fd158ad5cd738441091ea09087056cd06c21358986c8973626e7
- SSDEEP
  
  24576:S5gRQXtgtB3gieIBOf0OU9Zx/vqqsgy2Ye5hnw49Q:0etB7PBOf0F9Zx/9/y2YG9w
Score

10^/10

bumblebee 2408 trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Suspicious use of NtCreateThreadExHideFromDebugger

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2