bumblebee | f533f98a7ffad645b043ccb7fc806bb13f69c60229cfde5eec04a04bf758d6ae | Triage

Sharing

General

Target

file.zip
Size

721KB
Sample

221101-zsz14afae8
MD5

ca935fc0e3d1447d1eb1f57c22c46f54
SHA1

d28e4b293da29838995ca1d78e14a9d475fc0daa
SHA256

f533f98a7ffad645b043ccb7fc806bb13f69c60229cfde5eec04a04bf758d6ae
SHA512

ed0948d76523adf7572d754074bdca730b6a9641f3caafa4ab942d5f4b5589d77a3e3339787ed3ff1ba33edf6b61e73d252157269d4a85b4e7eda881591b80f2
SSDEEP

12288:upEPKw4EqcigIMl8CRiXS+2We9T0GtxVJFmT7QXNOLgygaUhotMbnW1M0rJO48xJ:upEP9CrgIMhiXSv0GrPFRgLNgaCe8xlv

Score

10^/10

bumblebee 0111 trojan

Malware Config

Extracted

Family

bumblebee

Botnet

0111

C2

102.151.221.33:443

104.244.77.61:443

212.114.52.124:443

23.106.160.141:443

198.98.56.242:443

23.108.57.5:443

rc4.plain

Targets

- Target
  
  AxRHrzxRUiEjUG.bat
- Size
  
  1KB
- MD5
  
  02b5d8a62fd7a5418040d97f23e61b71
- SHA1
  
  a532270410388c0a38c66b733c40be871014dbef
- SHA256
  
  e42729d59278b7028d201e42f711d7da0690f3a1b9c52400c743a8fc403452cc
- SHA512
  
  cab809df72d506d3502e6ba1b58964f8333caa18a2ba205354b2ded296fcab610c71b1c4b96dbe757b4a2d290a36dbb766877393539c7d5d469dd8325646bbfc
Score

10^/10

bumblebee 0111 trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Blocklisted process makes network request
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral1 behavioral2
- Target
  
  XzdVAVxwxRDMJS.dll
- Size
  
  883KB
- MD5
  
  24c6fb77f304a94bb815974915f28911
- SHA1
  
  db32739319f779d09ab34b21fc16cb0b5a319575
- SHA256
  
  fe9eb87723493d36d843b689ddbebf8a1bc634da867d85bae7068e2176b034fb
- SHA512
  
  8ee9add01406cd8004599ba1f32b0f89c8ed0a0328bfe0a52e8e61d80e484c3e2c9e8eacdc70c846a06993c84db1dc7ea6c4dbe21bdffec0c45d62bad1732da2
- SSDEEP
  
  24576:QOpVeLbkxqoAet8iMvJNOZ3tKcwet4jJklGil:QuVeLwai0OZgcwetdB
Score

3^/10
behavioral3 behavioral4
- Target
  
  required info.lnk
- Size
  
  995B
- MD5
  
  f0555c679b00d40934f69bbbd0f9ba38
- SHA1
  
  a746c1aa481e7cd9667b07755205e38a6b659308
- SHA256
  
  c60f4fe7007786b401e203a3429810666cc9685447bea269605dc97e082b5169
- SHA512
  
  bc3e47cc9f6bad9ced9c6f0890c2397db4df2010d64ff1a7d9214fff5bf99927959763854cc1d323a5c43a936b8c34b035a9f59daa6732fe87c1ceb5cd3bdb2f
Score

10^/10

bumblebee 0111 trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bumblebee0111trojan

behavioral2

bumblebee0111trojan

behavioral3

behavioral4

behavioral5

bumblebee0111trojan

behavioral6

bumblebee0111trojan