bumblebee | 6b2e4c9b0579938ce73bd39874b58a8f67c24f49a188f1f0ae6bcde26fb8b084 | Triage

Sharing

General

Target

20221101.zip.zip
Size

723KB
Sample

221101-1kb5qsgahn
MD5

30a753619a2e3788dc9244c207762dc0
SHA1

b44e58127bdf31da0964212cba1a126ce2a1feb5
SHA256

6b2e4c9b0579938ce73bd39874b58a8f67c24f49a188f1f0ae6bcde26fb8b084
SHA512

4f5ade84fd869574db7a17c00fa0450f8d3f03ba9f9c4f4a22363027c2345f91096557d6691ebb24553caff98e5a619c6293a404eba16f92eb30aa142831cfd0
SSDEEP

12288:so/RItcfrA4f2bYJABhnVvsBQhG9SS0muEcRjOPr8v/S7eWUIU2wsaJL/0jSS0k6:x/2a/ebesDUQvC5tbaJbkSS0Ms7R

Score

10^/10

bumblebee 0111 trojan

Malware Config

Extracted

Family

bumblebee

Botnet

0111

C2

102.151.221.33:443

104.244.77.61:443

212.114.52.124:443

23.106.160.141:443

198.98.56.242:443

23.108.57.5:443

rc4.plain

Targets

- Target
  
  BOiQKiECaUzWqF.dll
- Size
  
  885KB
- MD5
  
  df097341b231b1f68d9447a8a36f367b
- SHA1
  
  ef1bf0b295ff089febb3e4362d7c0d46431de842
- SHA256
  
  9bb35cecb773eb4a9545820b8328ccebc07843ec2cdfa60f2a1f78c90489d5b1
- SHA512
  
  a13dab104405ed2305b14a9b79eacbbcca66f98147841c2696bf1cea2849664c033f082f355380f4b245111283697219e1dfd0ce42f6919e27197c488e824714
- SSDEEP
  
  24576:aLqITcNf0GMRydz8bUdO9Uf4fj80xAwpncebwRbc:YqIghyYzmWyFFp1w
Score

3^/10
behavioral1 behavioral2
- Target
  
  eLWCBMEWwlzsBt.bat
- Size
  
  1KB
- MD5
  
  a8071866320d5925502c2126defdd8e7
- SHA1
  
  c27c9e20cb2d75604e4eb706ef1532c45652e1ad
- SHA256
  
  a466d8918e30568b17a4e8e35a658070d525a6742a4e211b031e0daec7277a2b
- SHA512
  
  588af1181f3b85145f29d8b7c12de425d0285d76d7fdf25a04a097ae5c97556cd9f45fdc3d003c8d2af66fcdd5f0c35db82bae0f4a5daff596ad9953e0f5eee0
Score

10^/10

bumblebee 0111 trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Blocklisted process makes network request
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral3 behavioral4
- Target
  
  required info.lnk
- Size
  
  995B
- MD5
  
  08f421202c12f81c8fc56b4abd54f8c0
- SHA1
  
  00484c7d6fe78c4d6c85e2ee92d6edd8e01bca0a
- SHA256
  
  6dab064f55ba8832d0cb9afa1658da288e4c361f5c72df963c14b4321e9c3799
- SHA512
  
  aec8bb173cfc61fe0ac9cdd80c320555652d1b6aade4adcfac8f78f1d06d4bc0f59bf2df876a9a8d617ac27430615acc4661af90fa2812768cf450fa1dd9981f
Score

10^/10

bumblebee 0111 trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

bumblebee0111trojan

behavioral4

bumblebee0111trojan

behavioral5

bumblebee0111trojan

behavioral6

bumblebee0111trojan