General

  • Target: files.zip
  • Size: 708KB
  • Sample: 221107-xkfw5scha5
  • MD5: db0b8cac986126fba409300a0594f4ce
  • SHA1: 16f6651fa032c3e16562decec88868fb8f2e430e
  • SHA256: 8635911b8839322e420f9b53a075642e91ef3c71176109ab0a73df78345b56ae
  • SHA512: 0b855aa9cdacb18de5defc204bf696f6783ffd530f2fb92a93d4a85729873ceafc2363cec7cc2d7dba50a87c6102c3dc327546de5897e61dd457e05878d21b13
  • SSDEEP: 12288:xwkmt6M0MuY6M91exTp7WErsKmMqb2Pv7PX14mk0SdZ8cRr40DEZ3Fo:CBt6XMuYp0Tp7rgVMqb2Pv5zk0fzjZ3+

Score: 10/10

Malware Config

Extracted

  • Family: bumblebee
  • Botnet: 0311t2
  • C2:
    39.65.8.170:443
    103.144.139.156:443
    107.189.30.231:443
    91.245.254.101:443
    194.135.33.127:443
  • rc4.plain

Targets

    • Target: bb.dll
    • Size: 966KB
    • MD5: 6e780435da8461940fc822f31b7368d2
    • SHA1: 1f9467a1495ee143588e9b53f0a5b1ebe311d4b5
    • SHA256: 0a4af4996a5f1c091cde6b18907c08fe31f373d7477d2f524161a45d130a1fac
    • SHA512: 76d9bf6522278d9b9d7f3979bccbb894684cea1e87c034fcd71860e969fc367f6a7a42f67184296cdeb5f77a2893c307868f8bd0f6c4d0f548a09549b05833fe
    • SSDEEP: 12288:+s+DiK3N/x/8rwMAImFetO29Qvnr7iL7/FXQ6e4HP5kGpmaJTWPa5bi5pguM649J:+FgxAIyDvn9kqCtwWi5iukff

    Score: 10/10

    • BumbleBee

      BumbleBee is webshell malware written in C++.

    • Blocklisted process makes network request

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Target: tps1.ps1
    • Size: 170B
    • MD5: 299563c5074a9a77e4e0b85240d4237c
    • SHA1: ac5bdbe219f4da3378cc1ac27e9f8c6496bea970
    • SHA256: 24610513b3eef44c19a79b0b769076ecdf7e0e25c556c0f5de5c50e18c29200b
    • SHA512: 3768aa232326c4864c92326dc52b2fc8959e9e843ab8b22f78168fad033843e16759fdbe171bfcc2834f8d46bd61a6aa9ab0e68695237dc062eed284e8da5549

    Score: 10/10

    • BumbleBee

      BumbleBee is webshell malware written in C++.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Suspicious use of NtCreateThreadExHideFromDebugger

MITRE ATT&CK Matrix

Tasks