bumblebee | 3fdf1be957886affcc289f411ab91d634bb46e1537fc5e58f72c70bbd376d528 | Triage

Sharing

General

Target

files.zip
Size

708KB
Sample

221107-xp378sdbg6
MD5

92f854307ee353e6225009dbb8560942
SHA1

2dc5e01dd31a83437f2363e52c12d2b96f4deb80
SHA256

3fdf1be957886affcc289f411ab91d634bb46e1537fc5e58f72c70bbd376d528
SHA512

19587bd51ca299e1ae00e6c7a61b69c39fb58e9f13c47a6cb8955633a741ec959434bfc13a21681736d52d0f0c58683a88f60bab6f796e6615f5071ee62a21da
SSDEEP

12288:nwkmt6M0MuY6M91exTp7WErsKmMqb2Pv7PX14mk0SdZ8cRr40DEZ3Fy:wBt6XMuYp0Tp7rgVMqb2Pv5zk0fzjZ3o

Score

10^/10

bumblebee 0311t2 trojan

Malware Config

Extracted

Family

bumblebee

Botnet

0311t2

C2

39.65.8.170:443

103.144.139.156:443

107.189.30.231:443

91.245.254.101:443

194.135.33.127:443

rc4.plain

Targets

- Target
  
  bb.dll
- Size
  
  966KB
- MD5
  
  6e780435da8461940fc822f31b7368d2
- SHA1
  
  1f9467a1495ee143588e9b53f0a5b1ebe311d4b5
- SHA256
  
  0a4af4996a5f1c091cde6b18907c08fe31f373d7477d2f524161a45d130a1fac
- SHA512
  
  76d9bf6522278d9b9d7f3979bccbb894684cea1e87c034fcd71860e969fc367f6a7a42f67184296cdeb5f77a2893c307868f8bd0f6c4d0f548a09549b05833fe
- SSDEEP
  
  12288:+s+DiK3N/x/8rwMAImFetO29Qvnr7iL7/FXQ6e4HP5kGpmaJTWPa5bi5pguM649J:+FgxAIyDvn9kqCtwWi5iukff
Score

10^/10

bumblebee 0311t2 trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Blocklisted process makes network request
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral1 behavioral2
- Target
  
  run.bat
- Size
  
  32B
- MD5
  
  515ab1b36d62a9fe2853d29dffe5ce79
- SHA1
  
  a2e397c2f9ae044146eb57e43dd4dc4851af5e55
- SHA256
  
  e029e5c7e6f01937cec6f8e7c175ee17b99155905224261f42584165d3202070
- SHA512
  
  e9b085733214043adcce9b23055dd783cc9582d0ddb6d1fc8c0ae7ecb3b262d389ddb07ee980d9fc23589d58d1bb0ce031c584c99944181b8db527a3f114e6a2
Score

10^/10

bumblebee 0311t2 trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Blocklisted process makes network request
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral3 behavioral4

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

bumblebee0311t2trojan

behavioral2

bumblebee0311t2trojan

behavioral3

bumblebee0311t2trojan

behavioral4

bumblebee0311t2trojan