General

  • Target: bum_0109.bin
  • Size: 1.1MB
  • Sample: 220901-wb67ashabj
  • MD5: 7505f06d4c671c572f550cba3d34e2ea
  • SHA1: e59a8fd2d359443e11f94417f53cc9333dd8cfc7
  • SHA256: 34781ec029c522322a117d0aee0de90eb6bb9f80f2c640c84f16ec6809f5723a
  • SHA512: 5320d4fcd16088e42950907fa9109d0e7b8472676b8bd080d9e481ba6114c053ccbafa16122b4e6142ea2fe31ef05413f1a4094bb4d31597278ba7c053076e25
  • SSDEEP: 24576:9x2ubccfCEN1Wpv9hOQn7G9Zx/tGggFQhrxtxcZfeoO:RTCyWN9QQnq9Zx/ZgShrxtyfeo

Score: 10/10

Malware Config

Extracted

Family: bumblebee

Botnet: 0109

C2


rc4.plain

Targets

    • Target: bum_0109.bin

    • BumbleBee

      BumbleBee is a webshell malware written in C++.

    • Suspicious use of NtCreateThreadExHideFromDebugger

MITRE ATT&CK Matrix

Tasks