bumblebee | 584d1a787374e437b050149ee9e1f891496db0d5e1f86bc08c1c3f003143bb80 | Triage

Sharing

General

Target

TA580_20221104.zip
Size

720KB
Sample

221104-zvdkwachcm
MD5

dbcb4db8cd9b1034a9d1b27a8d35bf3b
SHA1

560699995e1db3f06e5a635725fc4a9e6140cdc2
SHA256

584d1a787374e437b050149ee9e1f891496db0d5e1f86bc08c1c3f003143bb80
SHA512

c6b5278aa440a3c9ac9046453be9ba3a521f6c982667c15359cd2b2de62e4f44e65f0ad68b5ec2d53ae07532d513d1ae61bc7921af690106b520bb967412b681
SSDEEP

12288:vQc4yJs5D39Pp+x9M+VurjwBSB1BuOGM/YPDpN5BRSv3GpkXIVcDOdF:vd2729M+YrjbB1BjGBDpNBGKkcF

Score

10^/10

bumblebee 0411 trojan

Malware Config

Extracted

Family

bumblebee

Botnet

0411

C2

192.119.120.146:443

54.37.131.10:443

146.70.139.252:443

rc4.plain

Targets

- Target
  
  DKyVKmgVSvviRl.bat
- Size
  
  1KB
- MD5
  
  a3278817a228bfe014efa23c1f5ea606
- SHA1
  
  577b3550e9fae158aa5020c0e2eec4159657b261
- SHA256
  
  b00a6c38740aece0bf52e3ae04523ed03009908353709de8463580bb628c2c1e
- SHA512
  
  c74a1feac03c9a0cf7d9e53547cde5df06bafdde73d1bf1f289c42c9deb23c269f6a732a3de095e4f579b320adc7cd18568565c437f4d1b8db0ec3d2aedd269e
Score

10^/10

bumblebee 0411 trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Blocklisted process makes network request
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral1 behavioral2
- Target
  
  aMLjTIhBvevLGx.dll
- Size
  
  997KB
- MD5
  
  59dc887601cbaaead82bfe63e5e38340
- SHA1
  
  77f4828ed6eaf990c2d3e50c0b6f041519d52a2d
- SHA256
  
  54752a51b0024f0cf90d7cab52f97cc7798fd5bda8e03b9ade44ee45638dbe8e
- SHA512
  
  041fb2a37793630683cdfbe7538fc6a44d4550a21b67df3b24147d72001d01d3898c79db210311aebd913854cb3647de23b2599e945a9ef3004906c68bf0d714
- SSDEEP
  
  24576:gOaBNP2MOnriAaG4tmHjf6wv2nybJpxm9EsYqdwu:gOaH2MOrf/4tQ3J7mcq
Score

3^/10
behavioral3 behavioral4
- Target
  
  details.lnk
- Size
  
  995B
- MD5
  
  318e9e89ec41466076292116a0e97880
- SHA1
  
  74a79d98c63ecb86c69bcd0346a346f1e4f85626
- SHA256
  
  ea1d322b8acea3e0d92846895391f96123f54fa1eb641b42a29ddd4b856b3065
- SHA512
  
  45151567ff4a7b810ebb6995c09038c06cc1dad08dc197a02ae2a705e46bcafeb3a080a706a39f5b272d3b88332c3524ebbc7c4bc7f1bb4e32a09c859e4aee18
Score

10^/10

bumblebee 0411 trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bumblebee0411trojan

behavioral2

bumblebee0411trojan

behavioral3

behavioral4

behavioral5

bumblebee0411trojan

behavioral6

bumblebee0411trojan