bumblebee | a6a48f8c18172cd0acafce22a39fdc65a720aad346050a7ee1b20cd6a13bd3f8 | Triage

Sharing

General

Target

20221102_ta580.zip
Size

723KB
Sample

221102-v5363adbck
MD5

937e2e02cb5d22ebd0eb4de8d899eb31
SHA1

bad3dc73bcac34a4f28b86900ca29eb9952e4d54
SHA256

a6a48f8c18172cd0acafce22a39fdc65a720aad346050a7ee1b20cd6a13bd3f8
SHA512

c75a10fe3abacceb124e750d07a5985129927cbeb026b73ca2bc869b9ad86f3d27b2f678649fcf6a6e46b4feedad05b9dfdea18bb69b4574720052f418e42fc9
SSDEEP

12288:mzgL3CrGdPs8Lq2qere2vdnJjxUGvl3MfAArwie3jaosLPhrLNc8YLf3i:myC8jLdrZ1nJjxUA9W5kie3jFsL5rLNr

Score

10^/10

bumblebee 0211 trojan

Malware Config

Extracted

Family

bumblebee

Botnet

0211

C2

176.223.165.119:443

51.75.63.234:443

104.168.171.189:443

rc4.plain

Targets

- Target
  
  LDYwFaCKXIhkuX.dll
- Size
  
  882KB
- MD5
  
  03d51920a3d0e22a393dca36eabe4f0c
- SHA1
  
  cae3d3e299e450db7b0d4a2a8d9474ad0ad50b22
- SHA256
  
  8607ab81c1a81556c2d433dc123a2a23734d47e3e983e0177ef93a3333eabf47
- SHA512
  
  a99ce5921105b32564140d81a869645abb340dfeff0b74f4278450f21aaf3b3823d6d52987d3634f5e8f0f723a6f14818d42a7ef12da44126c019f6cf08af9b6
- SSDEEP
  
  24576:30vmdBQqlXGM+68I31p2v1Gyc10yLhkr1:30vSBQqlWMf31S1yLhk
Score

10^/10

bumblebee 0211 trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Blocklisted process makes network request
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral1 behavioral2
- Target
  
  pBLiwECeuZiHFL.bat
- Size
  
  1KB
- MD5
  
  ff1583c2c367477eb0873a15201cbcee
- SHA1
  
  8e24b760fdfa2e45eccf800644749b5942f79b4f
- SHA256
  
  c4730df817cb9010496afb25668619249e8e93a64d860783c7a49675c7c4fe0b
- SHA512
  
  ed2b5744269509359be16ae35dc08b9eb2ca1c8e4876de3605f2a7486774d16cbf8207288ec9d82c34ddd49f81f903618d996d91df65ac5a46792b5036867a12
Score

10^/10

bumblebee 0211 trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Blocklisted process makes network request
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral3 behavioral4
- Target
  
  required documents.lnk
- Size
  
  995B
- MD5
  
  6b21b97785ef22f67e72c897115411ee
- SHA1
  
  3cc12b0994e0c25fe51d0e4596c9847ec4a2a19b
- SHA256
  
  b3bdf5e58460967d9837165ad1ab6bde950f55bd7ae40382d3352a054acd89c3
- SHA512
  
  53d20814fb3829c43e40027aa1d18273064b4272d3cddf5b52c80bf13281b90dd8e59653974d1101a292571da34e8dedde9f2f46cd37bc71df44e615681f5b0d
Score

10^/10

bumblebee 0211 trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bumblebee0211trojan

behavioral2

bumblebee0211trojan

behavioral3

bumblebee0211trojan

behavioral4

bumblebee0211trojan

behavioral5

bumblebee0211trojan

behavioral6

bumblebee0211trojan