General

  • Target

    2022-11-07-Powershell-script-to-install-Bumblebee-Peurix.txt

  • Size

    170B

  • Sample

    221108-tnz8eafcc5

  • MD5

    299563c5074a9a77e4e0b85240d4237c

  • SHA1

    ac5bdbe219f4da3378cc1ac27e9f8c6496bea970

  • SHA256

    24610513b3eef44c19a79b0b769076ecdf7e0e25c556c0f5de5c50e18c29200b

  • SHA512

    3768aa232326c4864c92326dc52b2fc8959e9e843ab8b22f78168fad033843e16759fdbe171bfcc2834f8d46bd61a6aa9ab0e68695237dc062eed284e8da5549

Score
10/10

Malware Config

Extracted

Family

bumblebee

Botnet

0311t2

C2

39.65.8.170:443

103.144.139.156:443

107.189.30.231:443

91.245.254.101:443

194.135.33.127:443

rc4.plain

Targets

    • Target

      2022-11-07-Powershell-script-to-install-Bumblebee-Peurix.txt

    • BumbleBee

      BumbleBee is a webshell malware written in C++.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Suspicious use of NtCreateThreadExHideFromDebugger
