bumblebee | 50f6af1df3ca9b3ce774bae870aa468e43dfb8b2b304f5297010c7acf109992c | Triage

Sharing

General

Target

50f6af1df3ca9b3ce774bae870aa468e43dfb8b2b304f5297010c7acf109992c
Size

967KB
Sample

221103-2efreaabfj
MD5

f755b615f00bbcda2ba3dfefba156d84
SHA1

0b7c2399e1f90a83cf33a10d9e5c982b9641e54a
SHA256

50f6af1df3ca9b3ce774bae870aa468e43dfb8b2b304f5297010c7acf109992c
SHA512

fc2da2cc3ceb41b0f7deb8e3c2532c71c73ebe9e9a3c74ba00e08253cc3bb3667558f21fc2bee1c78b229113e2e6eb34a5e3d6a2ef8f4b99baadd9b540814dfd
SSDEEP

12288:OsR+JOrTyNiXY/YbOtqi4Q9DlSQbMVvivnkzKvrnq/hLboj1HVQeVeAKxInXUjP4:OscsowqCicUMEsGTnq/Bc+YeJeUy8

Score

10^/10

bumblebee 0311 trojan

Malware Config

Extracted

Family

bumblebee

Botnet

0311

C2

64.44.102.224:443

146.70.161.59:443

192.236.194.104:443

rc4.plain

Targets

- Target
  
  50f6af1df3ca9b3ce774bae870aa468e43dfb8b2b304f5297010c7acf109992c
- Size
  
  967KB
- MD5
  
  f755b615f00bbcda2ba3dfefba156d84
- SHA1
  
  0b7c2399e1f90a83cf33a10d9e5c982b9641e54a
- SHA256
  
  50f6af1df3ca9b3ce774bae870aa468e43dfb8b2b304f5297010c7acf109992c
- SHA512
  
  fc2da2cc3ceb41b0f7deb8e3c2532c71c73ebe9e9a3c74ba00e08253cc3bb3667558f21fc2bee1c78b229113e2e6eb34a5e3d6a2ef8f4b99baadd9b540814dfd
- SSDEEP
  
  12288:OsR+JOrTyNiXY/YbOtqi4Q9DlSQbMVvivnkzKvrnq/hLboj1HVQeVeAKxInXUjP4:OscsowqCicUMEsGTnq/Bc+YeJeUy8
Score

10^/10

bumblebee 0311 trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Blocklisted process makes network request
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

bumblebee0311trojan

behavioral2

bumblebee0311trojan