Resubmissions

08-11-2022 21:43  221108-1k85gabggm  (score 10/10)

08-11-2022 21:40  221108-1jawaaabb5  (score 10/10)

General

  • Target

    Scan_Document9698-(Nov8).iso

  • Size

    1.0MB

  • Sample

    221108-1k85gabggm

  • MD5

    2c0525c54018babb42a4c123bb8a9944

  • SHA1

    3ba334b1ddcbc1375477bf382db3b82e87b3a425

  • SHA256

    4797a2010eb6788cf55cd1f8a70e732770e136cc34aafcd973d536c98f52f649

  • SHA512

    a4409e154cf56691ec89ac92ab4f111f1c2aa0d1c209be72b7e27cf5570546012e66621c77884b5d0b712ab799846d26f6f8707e62321cec4020a655de0475a8

  • SSDEEP

    24576:2L6kLUpp+h2wCb2T/C6gndKfFG7GcIvUXVETg:2LlLCKPbkn23

Score
10/10

Malware Config

Extracted

Family

bumblebee

Botnet

0811r

C2

176.223.165.108:443

146.19.253.28:443

146.70.149.38:443

rc4.plain
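Added example, not part of the sandbox report: a small Python script that turns the indicators above into checks a responder can actually run. It recomputes the four digests the report publishes so a candidate file can be confirmed as this sample before detonation, and it sweeps connection-log lines for traffic to the three extracted C2 endpoints, separating exact IP:443 hits from same-IP/other-port hits that need analyst review. The Zeek-style conn.log column layout and the log lines themselves are constructed for the example; adapt the regex to your own telemetry.

```python
"""IOC checks built from the BumbleBee report above (added example)."""
import hashlib
import re

# Hashes of Scan_Document9698-(Nov8).iso, copied from the report.
SAMPLE_HASHES = {
    "md5": "2c0525c54018babb42a4c123bb8a9944",
    "sha1": "3ba334b1ddcbc1375477bf382db3b82e87b3a425",
    "sha256": "4797a2010eb6788cf55cd1f8a70e732770e136cc34aafcd973d536c98f52f649",
    "sha512": "a4409e154cf56691ec89ac92ab4f111f1c2aa0d1c209be72b7e27cf5570546012e"
              "66621c77884b5d0b712ab799846d26f6f8707e62321cec4020a655de0475a8",
}

# Extracted C2 endpoints for botnet "0811r", copied from the report.
C2_ENDPOINTS = {
    ("176.223.165.108", 443),
    ("146.19.253.28", 443),
    ("146.70.149.38", 443),
}
C2_IPS = {ip for ip, _port in C2_ENDPOINTS}


def hash_sample(data: bytes) -> dict:
    """Compute the same four digests the sandbox report publishes."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in SAMPLE_HASHES}


def matches_report(data: bytes) -> dict:
    """Per-algorithm comparison against the report's hashes.
    Require all four to agree before treating a file as this sample;
    a single mismatch means a different build or a tampered copy."""
    digests = hash_sample(data)
    return {alg: digests[alg] == SAMPLE_HASHES[alg] for alg in SAMPLE_HASHES}


# Assumed Zeek-style conn.log layout (constructed for this example):
# ts  uid  id.orig_h  id.orig_p  id.resp_h  id.resp_p  proto
LOG_RE = re.compile(r"^\S+\s+\S+\s+(\S+)\s+(\d+)\s+(\S+)\s+(\d+)\s+(tcp|udp)")


def find_c2_connections(lines) -> dict:
    """Return {'exact': [...], 'ip_only': [...]} of (src, dst, dport).
    'exact' is a hit on a listed IP:port; 'ip_only' is the same IP on
    another port, which the config does not list but still merits review."""
    result = {"exact": [], "ip_only": []}
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # header, comment or a line in another format
        src, _sport, dst, dport, _proto = m.groups()
        dport = int(dport)
        if (dst, dport) in C2_ENDPOINTS:
            result["exact"].append((src, dst, dport))
        elif dst in C2_IPS:
            result["ip_only"].append((src, dst, dport))
    return result


# Constructed log lines for the example; the third and fourth hits are
# deliberately one exact C2 match and one same-IP/other-port match.
CONSTRUCTED_CONN_LOG = [
    "1667945021.123 CXa1 10.0.0.5 51232 176.223.165.108 443 tcp",
    "1667945022.456 CXa2 10.0.0.5 51233 142.250.74.46 443 tcp",
    "1667945023.789 CXa3 10.0.0.7 51234 146.70.149.38 443 tcp",
    "1667945024.000 CXa4 10.0.0.9 51235 146.19.253.28 8443 tcp",
]

if __name__ == "__main__":
    for hit in find_c2_connections(CONSTRUCTED_CONN_LOG)["exact"]:
        print("C2 contact:", hit)
```

Run the hash check on the ISO itself (`matches_report(open(path, "rb").read())`) before loading it into a sandbox, and feed `find_c2_connections` the tail of your proxy or conn logs for the days around 8 November 2022; the `ip_only` bucket exists because loader operators rotate ports on the same hosting.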

Targets

    • BumbleBee

      BumbleBee is a malware loader written in C++. It is delivered through phishing lures (here an ISO image) and contacts its hard-coded C2 servers to fetch second-stage payloads; it is not a webshell.

    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of NtCreateThreadExHideFromDebugger

      Creates a thread with the THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER flag passed to NtCreateThreadEx, so an attached debugger receives no events for that thread. This is an anti-analysis technique and a useful detection signal in its own right.

MITRE ATT&CK Enterprise v6

Tasks