bumblebee | 1a06b268c8398494eff8a3e8532415383b6384552158ba26ad56f054814f4b25 | Triage

Resubmissions

03-11-2022 17:20

221103-vwt7ssfber 10

03-11-2022 17:16

221103-vs7cyscgh3 3

Sharing

General

Target

obama-pw-abc794.zip
Size

754KB
Sample

221103-vwt7ssfber
MD5

b3574cd03afd3fcd8d58958d0da3868d
SHA1

9c8a88a3dba2602fcf2b5d97ae448564c8dc4ceb
SHA256

1a06b268c8398494eff8a3e8532415383b6384552158ba26ad56f054814f4b25
SHA512

39b94f4f6012ca84c4e15bd756553a7037c9534b5674d45a810eaba16208204d145ccadb0cf3cbaf352a8a9cf0961964a76b4039cc73707db5c150ac5658c038
SSDEEP

12288:x5puL+5ffw+KD7d6EAOG6KtkEtyjiv33faLU02QWhjkTlsSR/kF0FmRkcnunk:9nw3dxGrtu6nyg0OhjkRsSR/kFlRki

Score

10^/10

bumblebee 0211r trojan

Malware Config

Extracted

Family

bumblebee

Botnet

0211r

C2

193.109.120.156:443

192.111.146.184:443

104.219.233.113:443

rc4.plain

Targets

- Target
  
  Document.lnk
- Size
  
  1KB
- MD5
  
  c5b4481f62732e01a1ac5343602aeb68
- SHA1
  
  9fbc075732d97b723717e2d8b53db092cbb0c1a0
- SHA256
  
  33cd63673bf4c1fbccc75c7501de79a1fa6c879888de2fae06eef57af6149656
- SHA512
  
  02ddb4a8e11f0fc23bc4ccb0ab37b75cc14f4f347213fa4527826748fc6b5602837191cbe3b16cfad971ca353cc5a9a7ad951efd216797ddfb0a80533c15e36c
Score

3^/10
behavioral1
- Target
  
  maidservant/changeability.dat
- Size
  
  883KB
- MD5
  
  c5f2f4f62a273ddebaa72be2bc60aa96
- SHA1
  
  ec0e5be2eb48abd1f8f7d768c51280bb52e8dd35
- SHA256
  
  56088c0abddea8f5af72f2e212d1da5688cc3c67e6587e5885107d6b900c37bb
- SHA512
  
  02fb65e5907611765f4df50483bbc8f9f5ba25115f986c0582b5ee1f20ec0cccc37cc875c8f9a5594a924def19e87cb0931e723d48333da217392b905414d085
- SSDEEP
  
  24576:bl7tQ/ikPAknx9XfzPXMRrMnSUcQBlmzrle2:bl7i/i+A297PXMn3QBlOe
Score

10^/10

bumblebee 0211r trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

bumblebee0211rtrojan