bumblebee | edeab0df9cab4c8bc33ffd3ef54c0576b39f6016655cc778334f4f6b8945977e | Triage

Sharing

General

Target

Desktop.zip
Size

715KB
Sample

221103-2j96tagbg8
MD5

a0a6e5d43360734fa97e20332dadc01a
SHA1

9ab5b341aba5680220f79b0e15abe1a81bba1b59
SHA256

edeab0df9cab4c8bc33ffd3ef54c0576b39f6016655cc778334f4f6b8945977e
SHA512

aecc0759046b6306fba09cb8cbb9ee14c13c73fcc2b4894502c7db117a1a7f75022ed132102ed24e3a8b5ebaf4bdfa2921357e87a5430fbe41c77c4559b2d492
SSDEEP

12288:7Ym7O+muqygfIUitax01B1epgrbZpC3w/gKho+zv9kHjnCb6k8QJmCeaERyk:dAXwhtaxNOvjXT6w6HjCb6kZeqk

Score

10^/10

bumblebee 0311 trojan

Malware Config

Extracted

Family

bumblebee

Botnet

0311

C2

64.44.102.224:443

146.70.161.59:443

192.236.194.104:443

rc4.plain

Targets

- Target
  
  OyNrEOXqQnrBVp.dll
- Size
  
  966KB
- MD5
  
  bd16d730f650434ddbe551583c8eebf1
- SHA1
  
  ae2fb59b6dd326b29f4190d8bf20551567584a44
- SHA256
  
  c3b55562cdb4283d0745297ea25d7b14f774b41c14ae455d2b0c528327548869
- SHA512
  
  2a22937835526021e7ac3c3823b19108d89ebec8f576d69a497f86a9debbf20468a39b093fe146868374fc5c689f52f7444bf857eccc44df745ad4e37d79b7e4
- SSDEEP
  
  12288:ttBYC2oNS0DEYnl2P/VS2CGYqjkrKzQpdEZ8COwi7fJFmcnKzlI3ix50:ttqCtvwPtSeYrKCXjPmcnKzlzs
Score

10^/10

bumblebee 0311 trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Blocklisted process makes network request
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral1 behavioral2
- Target
  
  documents.lnk
- Size
  
  995B
- MD5
  
  d427e019e49028f4062aaabac1d861aa
- SHA1
  
  0eb483a71363383046df31ef34ad0adba2e2f92e
- SHA256
  
  82be83916929f212ea1c6b41fa731a767140cec9ba3e0becf652c9185092ded5
- SHA512
  
  68a0a7419d2fde01d4654c8703301385e0284c56303cde86234d7ba3d38a114b96c371924ee484c1b2e039042a1cecf4558e88bc8ac65662d66ecfc30fb4b75b
Score

10^/10

bumblebee 0311 trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral3 behavioral4
- Target
  
  swBdvsXKmEsXgd.bat
- Size
  
  1KB
- MD5
  
  11571cb7543f27a669a315c59c6daa26
- SHA1
  
  0a7623689fcfb1d19fd51c4fa23fb3b83d0fce9e
- SHA256
  
  b4d367fcd6757019179b99220e5500277fae9cc13028771457edee23eeebe412
- SHA512
  
  ddc2f689d5480971195c3ae5a9083cfb6b7bc2568ce54a707f6fc7f67c0acf6c20a71a40ec3922cc66e2b08cf48e10a6855428dc658d278470ca4e4a72e6e369
Score

10^/10

bumblebee 0311 trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Blocklisted process makes network request
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bumblebee0311trojan

behavioral2

bumblebee0311trojan

behavioral3

bumblebee0311trojan

behavioral4

bumblebee0311trojan

behavioral5

bumblebee0311trojan

behavioral6

bumblebee0311trojan