bumblebee | bd9f0668b465891dbacd4fe217df1ea91042b2c711b2d26fdbb057ece06e830b | Triage

Sharing

General

Target

Document_9109.iso
Size

978KB
Sample

221102-1kd94acaa8
MD5

2f2721079b1fe617302d6d7cc454c11b
SHA1

511e48d97d0e65b85db36c6faad7212f1838105d
SHA256

bd9f0668b465891dbacd4fe217df1ea91042b2c711b2d26fdbb057ece06e830b
SHA512

afac900897416d62f294258092ddd80014f1700950f01e54b90e17f2fe2a455e8773c80108ad1daf933ada27d177631e47ba783472635c562ad1217f268ecef0
SSDEEP

24576:JF1A7ynR+djiZJmZqNd8fBpO8ZCK0zCXAfV4/:JF1znQJOsW8DOYAz1fVs

Score

10^/10

bumblebee 0211r trojan

Malware Config

Extracted

Family

bumblebee

Botnet

0211r

C2

193.109.120.156:443

192.111.146.184:443

104.219.233.113:443

rc4.plain

Targets

- Target
  
  Document_9109.iso
- Size
  
  978KB
- MD5
  
  2f2721079b1fe617302d6d7cc454c11b
- SHA1
  
  511e48d97d0e65b85db36c6faad7212f1838105d
- SHA256
  
  bd9f0668b465891dbacd4fe217df1ea91042b2c711b2d26fdbb057ece06e830b
- SHA512
  
  afac900897416d62f294258092ddd80014f1700950f01e54b90e17f2fe2a455e8773c80108ad1daf933ada27d177631e47ba783472635c562ad1217f268ecef0
- SSDEEP
  
  24576:JF1A7ynR+djiZJmZqNd8fBpO8ZCK0zCXAfV4/:JF1znQJOsW8DOYAz1fVs
Score

3^/10
behavioral1 behavioral2
- Target
  
  Document.lnk
- Size
  
  1KB
- MD5
  
  0f051e86ab04f84ad354c087845d0cf2
- SHA1
  
  616221cc7bb32d2aacbb9d5823facc1028423359
- SHA256
  
  b2483732097235ca6507a5126150cf1156dc4b636736fce96b821f8c0e2d4619
- SHA512
  
  abc4d5c16fb35fd90015e68a98e8ee07add2081730edaaf33f578c6476ec8d6a32444db13040e30cd5228b4b2041f5499b5c453cc6179c73c3af4cc11b27901c
Score

3^/10
behavioral3 behavioral4
- Target
  
  maidservant/allotting.cmd
- Size
  
  360B
- MD5
  
  632afe6f5bbef63ac726f3451f9370fa
- SHA1
  
  c263fdd3ead0c37f3f34d1b0fc3f8b3777a0052c
- SHA256
  
  c5ab120d4fa2cff625c3b4a6cad370ed95ebd8b0b28f90e4453431fed9c68e96
- SHA512
  
  ec58d9bdb3cefbb246258a7ebabde49d16805b4203b7e920b04ee373b5ac3573425dd2fb16a36e0db148257dda333ae0e5f6606e30dd7b5d9e5ccfad4b9c13d4
Score

1^/10
behavioral5 behavioral6
- Target
  
  maidservant/immortalized.dat
- Size
  
  884KB
- MD5
  
  f3ba88cfcbd3dce3103017c95b399c8e
- SHA1
  
  ecd6d0e7d686c967fa214db346a3e11cc0e0ad25
- SHA256
  
  58f17afc6299d6eb6f0c0321d4748758df368b03b8fc9bcd808b487d351e1c27
- SHA512
  
  7fa318016886c6f08cdeb78510e43d420d61b732269a504ba6fb31cf884cba1eabed954fe4ef8f82e5231eaad306a34198c598b313ae24c6b2db330b066a8f3c
- SSDEEP
  
  24576:AF1A7ynR+djiZJmZqNd8fBpO8ZCK0zCXAfV4/:AF1znQJOsW8DOYAz1fVs
Score

10^/10

bumblebee 0211r trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Blocklisted process makes network request
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral7 behavioral8
- Target
  
  maidservant/sleeplessness.bat
- Size
  
  307B
- MD5
  
  007f530016236bad65441194684324d8
- SHA1
  
  caec6eac26d63be37c3255094f6b5a94eea6ad94
- SHA256
  
  4a9d780a680b3fef57e9f9540a913120de9100be3f758999ded127f57ce81842
- SHA512
  
  3819a594eed9501297ded197f463b64935c925cd633c795e5287788dd16d0f6b16f15de64235629aa580893eb60d13e0506fa6b1cd994ea2b116920be5a63182
Score

1^/10
behavioral9 behavioral10

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

bumblebee0211rtrojan

behavioral8

bumblebee0211rtrojan

behavioral9

behavioral10