bumblebee | 40c255ea500f2de3136057c9ba88dd3875f7b15bd2fb72540f9f6d85bcc755e4 | Triage

Sharing

General

Target

20221108_ta580.zip
Size

819KB
Sample

221108-xr16naefaq
MD5

3fb64521d2004c65796b59c8823f7589
SHA1

fb7ba1d878d8f631d37e7e5d574f0e51f67fb7f3
SHA256

40c255ea500f2de3136057c9ba88dd3875f7b15bd2fb72540f9f6d85bcc755e4
SHA512

0b21348d548d7b428a74a8caecf2a4c2817fcd9ab8321798f82ff3224f351605516df9bb8e772f13fe1c1b0f7bc98d23cb641a0bcc71b675bbc79a4be30c514b
SSDEEP

12288:emwHZBUp5r5xed7eibLZEVh3lHq5GSXIFacfWdjeseO1eb5XbI638QspLutlSw4Z:wwpX0tT1y3qbX1cTh73Xs+8Z/

Score

10^/10

bumblebee 0811 trojan

Malware Config

Extracted

Family

bumblebee

Botnet

0811

C2

104.219.233.127:443

192.236.194.101:443

146.70.161.82:443

rc4.plain

Targets

- Target
  
  XAnbADuUedJlBE.bat
- Size
  
  1KB
- MD5
  
  8ae47905093ff8acd0fc3f023a30bbdc
- SHA1
  
  184fc76e91488b8ad5b3041153ba8d9a98eafc07
- SHA256
  
  7dfb2ecf76c386504119056d20f3a65d83f7bb3f297e2f63aa63b2e205c72105
- SHA512
  
  24e7ad5726e69f160dee69d103f6674bf929813763d1d2ae46bdd6132b3e8851de67c8171a53223a05dd1fcc9823becaefd108b7db8ab185d2a8bc8a3b150346
Score

10^/10

bumblebee 0811 trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Blocklisted process makes network request
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral1 behavioral2
- Target
  
  project details.lnk
- Size
  
  995B
- MD5
  
  602cd18f1efe7bb632476465912c9b1c
- SHA1
  
  a2f5f20df297f37fc2bb90156db971a3092b3427
- SHA256
  
  6fb4c22af244bdf6cb2bb520086dd48c01ba547f11b57ffd6c7f6c9aa09af639
- SHA512
  
  6810bcc2503ef14e42ce6997463375d7c92431774dc0afc22a2e7c5bfb7e1bdb7facaf1b91549c108fc10a4ae7623aa5c0178aad291d70cc30a76f6e495d59d4
Score

10^/10

bumblebee 0811 trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral3 behavioral4
- Target
  
  uDzpJZuAIMIPqQ.dll
- Size
  
  974KB
- MD5
  
  05454e5374dc8aa66f06cab516557b45
- SHA1
  
  6c8d798ad2e97ca2faead871cab67f827d6ac62a
- SHA256
  
  90162de4666cd086ae4ee6688a5a714fd152c6dbc14afee56fc2ae46bdfe8269
- SHA512
  
  5be5549df3c5eebdf13bdb7386294d11bb45bccb5ff3fb4a94abf324128bcca2dfb3029a8150d687423f5c1da36cdfc0debaf56165c28d08169a1be58ce32775
- SSDEEP
  
  24576:cfKDb7MIZeTdPvtbgNshxE42cHeZpuDAa34u4vvDcN:4qvE3Vg6J2c+ikDbvYN
Score

3^/10
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bumblebee0811trojan

behavioral2

bumblebee0811trojan

behavioral3

bumblebee0811trojan

behavioral4

bumblebee0811trojan

behavioral5

behavioral6