bumblebee | 9f8a878f09fe670c743eef7609473f6b520c77168297858eeb0f817aa6c73182 | Triage

Sharing

General

Target

Document_1822.iso
Size

980KB
Sample

221103-vpz5gacgd6
MD5

b97e7eba769336e864f16114179ab197
SHA1

0cae500c2fd97190aa53b0d524f7a69fae96af90
SHA256

9f8a878f09fe670c743eef7609473f6b520c77168297858eeb0f817aa6c73182
SHA512

5fda2d06893ceceb1ac168949e548ebff84bfede3c23bb93c211294d9e29a1aa4273a2ecf29946651d65b1a09386b634dd206a47795eeb5401a44f953cdf2600
SSDEEP

24576:cFH+atTmiSo+fdgOukrK+RASbUtQLItq+Lf:cFH+aJmp1rMSItmIw6

Score

10^/10

bumblebee 0211r trojan

Malware Config

Extracted

Family

bumblebee

Botnet

0211r

C2

193.109.120.156:443

192.111.146.184:443

104.219.233.113:443

rc4.plain

Targets

- Target
  
  Document.lnk
- Size
  
  1KB
- MD5
  
  99c7e5bb423e23ad606d34a4c4b46cd3
- SHA1
  
  d022253a00c34758d1ee759bc0f0a68f5e541ff7
- SHA256
  
  dd0e805bf751f5569f995baf95c08d03737d0fe26bdc7981e245dbf881e6c2c2
- SHA512
  
  257ea0cb5e693d17bf0965f2d290e2d8b290b42b6f6ed4c3bf27b9d37c50205be1e0c558b6827ced94c9b2e1379595271dc73fc7a9d0d30c0197fce9e3d73acd
Score

3^/10
behavioral1 behavioral2
- Target
  
  maidservant/fungicides.dat
- Size
  
  884KB
- MD5
  
  4d6f7a198b0e5b36bab0853bd869a038
- SHA1
  
  7104ae833db89116494d49f7337884711effd30f
- SHA256
  
  5336c479d9f30d7fe3437966533095273e9646027ac66e0b085a2e0553a17db4
- SHA512
  
  817ae626ed32ddd544cd11494fbd02560e31f24dc7c9850b4c608079fe82fd7d63803633b7f6db3e5e4a2a2db38dff66a40fc7832c38d369155d959747dc99ee
- SSDEEP
  
  24576:0FH+atTmiSo+fdgOukrK+RASbUtQLItq+Lf:0FH+aJmp1rMSItmIw6
Score

10^/10

bumblebee 0211r trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Blocklisted process makes network request
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral3 behavioral4
- Target
  
  maidservant/insurer.cmd
- Size
  
  315B
- MD5
  
  4fa996f18b69fbbece5ad754f7335815
- SHA1
  
  81dbcb67f0d8bec4a7b6c0d3e003f567d1eda18f
- SHA256
  
  c2b470cb41b2ff746c7f0bc10482dfc0482c25569fcf9a3a9b456d6db376821d
- SHA512
  
  318cfc1e28b7c082dd29835ca1bbdba69812896189e460d265d72d2d9d624fa93afe4058854c0cc28fcd23979ac8ba6094a6472d8b46859a02bba9f13e0c3d4f
Score

1^/10
behavioral5 behavioral6
- Target
  
  maidservant/propitiously.bat
- Size
  
  322B
- MD5
  
  2a929c2a83ae8f03cafb5808b9a2002e
- SHA1
  
  e6ed42d73239c7b2d9ec67ee346acb658798b633
- SHA256
  
  6b2cbf900c59de2565c723257542f61bd35636054682f5153f7bf8f38af1b637
- SHA512
  
  0dee12f3c2b356bffc698beb6af4b19bc4b0f71d362995ae08302fa8845edcb4fbe5631fadf912ba64cc1b111fc560f6aa0e0435d0a3cbf11c3d2f0561873258
Score

1^/10
behavioral7 behavioral8

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

bumblebee0211rtrojan

behavioral4

bumblebee0211rtrojan

behavioral5

behavioral6

behavioral7

behavioral8