bumblebee | 18ab01e312f13b5dcf847ffce6f2536083c24d7ed2195ddb84b5c106ff11fc24 | Triage

Sharing

General

Target

TA580_wetransfer_20221107.zip
Size

658KB
Sample

221107-zyk45abgfn
MD5

2e9f659a0ef0ccfc0f446aab66ddf852
SHA1

3ca942451e687eab63b8d312d121e16cdbf2775a
SHA256

18ab01e312f13b5dcf847ffce6f2536083c24d7ed2195ddb84b5c106ff11fc24
SHA512

48993b12a1dff9219136edd8e9b58406f3ea469a38207432cdafdbe83bd2fb05c9cc0b2ca57a133e369344b1625f30f511a51ff036e39eceaeee17db53cec631
SSDEEP

12288:W6RJi7jKYyoID0RiRbqboI6TLWAiqslQwxJ7GQguwxB2/kh5EaxY:5i7jyoIDmiZRLWBlVxlGbThtC

Score

10^/10

bumblebee 0711 trojan

Malware Config

Extracted

Family

bumblebee

Botnet

0711

C2

85.239.52.15:443

85.239.54.192:443

85.239.52.113:443

rc4.plain

Targets

- Target
  
  PDbfQsNCbKysMm.bat
- Size
  
  1KB
- MD5
  
  e41202ae491aedc10e4ee319a045be15
- SHA1
  
  2f719f9c05f92c31135b75da8e6e803b71843c05
- SHA256
  
  bad4aed36b4167a0f00a72f8598cc9dab2069e0f908be9b58b72d10690aea622
- SHA512
  
  82dff15c383a23592b3e3d00ccc85d4bebf61e4821ebe8b855ddfd0a3ae953a49b791d3e57537ae255990d9956a6284820b67c6da105e10be7e730078a28a1fc
Score

10^/10

bumblebee 0711 trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Blocklisted process makes network request
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral1 behavioral2
- Target
  
  mGntZOOiFtyWBy.dll
- Size
  
  1014KB
- MD5
  
  4fc0a4bb857934789000a50d2572e56a
- SHA1
  
  725ffb5fe4eaa20ae9b57dac84fb02274ec0848c
- SHA256
  
  9e2a0a55c788042a74ddc0762dd0c67af007e38784ffee7beaa7607a4a14e4b8
- SHA512
  
  18a34d220ece8d204637fd4377a4bdf07fbafa52cd727dd55d6fca656cbbcc8bfc9dac13f3864a1938cb1973487320be864d060763a7fd55c83276aedcd5f771
- SSDEEP
  
  12288:CkoTtCovN3LtbV5RCQXJa8STs7AsB3/vp3E2PuHQ1:sCovp5HJaJsRPvp05w
Score

1^/10
behavioral3 behavioral4
- Target
  
  project details.lnk
- Size
  
  995B
- MD5
  
  d9257c75c3196e49489be81a63e04cc9
- SHA1
  
  0caa3985f40ff5eb0c6d590d29654d226669578d
- SHA256
  
  3a988ed0f3b6dbc49f1e44be071df149c32cb5133c7bad96898ca3cbbf93d83b
- SHA512
  
  b4eaf6b098c05af6a0d50824e79ded405837e61e4bbdb1a93b802f1f30bc35a14af5db4997d4eb12d77c68f67e6f81ba38047bcd937807949a842d099935a709
Score

10^/10

bumblebee 0711 trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bumblebee0711trojan

behavioral2

bumblebee0711trojan

behavioral3

behavioral4

behavioral5

bumblebee0711trojan

behavioral6

bumblebee0711trojan