bumblebee | d1d9d5c8ac57cabcd8c6e92cdff2f5e04913d224fd3a153a3b1234b1ba94745d | Triage

Sharing

General

Target

files.zip
Size

1.9MB
Sample

221031-xn68hachep
MD5

a3dd8cceb007213319db3183074c3fe2
SHA1

9c52868f6b2a57c69229a767d91f13defc65a4c7
SHA256

d1d9d5c8ac57cabcd8c6e92cdff2f5e04913d224fd3a153a3b1234b1ba94745d
SHA512

5c0c65af7faaeeda6aac7c64820b785bb89c1f8e92b8c7cf65b6d54196d03ecf2f9af6af6835fd604e0ef252c99c72633e263119017e5523f22505b25f59300b
SSDEEP

49152:lvPXIS2khDm1sWAbk/8Sa1VlRAmoDgDbGF3FEm7MMW:l32amvALSaXdocXyVe9

Score

10^/10

bumblebee 2710vm trojan

Malware Config

Extracted

Family

bumblebee

Botnet

2710vm

C2

23.106.160.141:443

198.98.56.242:443

104.244.77.61:443

rc4.plain

Targets

- Target
  
  YBnruijYBbnbMK.bat
- Size
  
  1KB
- MD5
  
  76bdd5d90645d4d05142e52c32ba5691
- SHA1
  
  a7a8427a3333e9aa4bc4f1afe2003c30d489384c
- SHA256
  
  872a7741ca7f2cac261346385be38b91a582ec26c4160472b7b8769da884a55d
- SHA512
  
  083d71cae8b0eec7c31cfbca1f2b71ce20d7c3632ff345d154fa071348d4bef3e660abd3bd854470100e38ee4de967ba3814d1ee906e7299db20626c15fa8c1b
Score

10^/10

bumblebee 2710vm trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Blocklisted process makes network request
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral1 behavioral2
- Target
  
  required documents.lnk
- Size
  
  995B
- MD5
  
  8c234f946e3b4f57904c9b9dc2361fa7
- SHA1
  
  8ab79dfa9fb1d8f9000ba070850187d88fe097dc
- SHA256
  
  43bd0f3809340f3b58d734690305c293e0805781798d0e56552642d96a31c780
- SHA512
  
  63d73a999011659642e54c4841c1a396a5357e1163bb259aed5c1cb10c0878374fd02edd3db6b14d934aa1041fccfd7216966fcf9e926a04624edcf3d7e3071d
Score

10^/10

bumblebee 2710vm trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral3 behavioral4
- Target
  
  vEzFDEkEeKmEBW.dll
- Size
  
  2.2MB
- MD5
  
  672ef9a2359f36e0a9dcb0227944beeb
- SHA1
  
  0d3e1b517781983f7b58e7b6b83384e83e8eb640
- SHA256
  
  8e35ce0c3fcdc14d4e441812c7856bdf6428734d8cea0b6d7c075963a5b4b307
- SHA512
  
  cb0b3d497805e25187d1b411c677f4a84180b25a9f08ffb241e2731515537a980db2215b53e22f7db872e3b79b30b4a3615ece2a5127c075c2a5b1d205774dc8
- SSDEEP
  
  49152:+lU8yggsqIDwKXtjC+Nc1zQE5eFCUhVI/VocWPR5/rr23feAH/:8OLspjV1C3/VolfTrKeAf
Score

10^/10

bumblebee 2710vm trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Blocklisted process makes network request
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bumblebee2710vmtrojan

behavioral2

bumblebee2710vmtrojan

behavioral3

bumblebee2710vmtrojan

behavioral4

bumblebee2710vmtrojan

behavioral5

bumblebee2710vmtrojan

behavioral6

bumblebee2710vmtrojan