General
Target: Document_9698.iso
Size: 980KB
Sample: 221103-mzhn6sbfgp
MD5: 580ca5949eb9343c7ef11f4b33d18d34
SHA1: 99c3d33be090aecdfaa0578e9241a67b4a9775b9
SHA256: e65bee5931c1b6a56847d37b422d5a45a9f5ebef25da7f37298ee08d01847c89
SHA512: dc672231d7adb1bee98fb3cb5321985f976eb040f2adc6fdccca8af0addf8fb1bbadcf69cf85d4aff18be43fd261fe9cd7676aaa862db8668be0a977149e87b5
SSDEEP: 12288:bAth+FYv2Mo+Rp0XZL9xa/H+091EHXP7ZCID1iQhc7RAVG2o+WVwDXsHLfumzOip:cn+FY+mmV9QW005hayuQXsrfumFPR
Static task: static1
Behavioral task: behavioral1
Sample: Document_9698.iso
Resource: win7-20220812-en
Malware Config
Extracted
bumblebee
0211r
193.109.120.156:443
192.111.146.184:443
104.219.233.113:443
Targets
Executes dropped EXE
Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
Suspicious use of NtCreateThreadExHideFromDebugger