bumblebee | 08d93a2201ddb766209a9a6adf88c377a2617a6d963bd408c3dabe92ae8b9b5e | Triage

Sharing

General

Target

Document_2173_Scan_(Nov8).html
Size

1.8MB
Sample

221108-sjy9wafaal
MD5

74883888d9279c414e01db7e654306c2
SHA1

a4a22d336b6fdf9adccedf7518a0013d2622e36f
SHA256

08d93a2201ddb766209a9a6adf88c377a2617a6d963bd408c3dabe92ae8b9b5e
SHA512

ae4757db86561c4085ef291e33691a18e6375cbbf100dfd7aeb8533ea937d8c41e0f0a8b7410904ea183e904701edd590416744322b9f2f6ed4e1e68f37ce8de
SSDEEP

24576:F2XNH1C8Q24r4xUL4/tcE9rhEfzA9n3UX7lGFPvvQjouYabAXgBlgbqRWuDLe:M9VCHQWmlojouldBl9RWue

Score

10^/10

bumblebee 0811r trojan

Malware Config

Extracted

Family

bumblebee

Botnet

0811r

C2

176.223.165.108:443

146.19.253.28:443

146.70.149.38:443

rc4.plain

Targets

- Target
  
  Document_2173_Scan_(Nov8).html
- Size
  
  1.8MB
- MD5
  
  74883888d9279c414e01db7e654306c2
- SHA1
  
  a4a22d336b6fdf9adccedf7518a0013d2622e36f
- SHA256
  
  08d93a2201ddb766209a9a6adf88c377a2617a6d963bd408c3dabe92ae8b9b5e
- SHA512
  
  ae4757db86561c4085ef291e33691a18e6375cbbf100dfd7aeb8533ea937d8c41e0f0a8b7410904ea183e904701edd590416744322b9f2f6ed4e1e68f37ce8de
- SSDEEP
  
  24576:F2XNH1C8Q24r4xUL4/tcE9rhEfzA9n3UX7lGFPvvQjouYabAXgBlgbqRWuDLe:M9VCHQWmlojouldBl9RWue
Score

10^/10

bumblebee 0811r trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

bumblebee0811rtrojan