bumblebee | 886eb38e77b5d5201507670852dd35b0c52ca09794f1e4dd2921b75453ce924c | Triage

Resubmissions

08-11-2022 19:50

221108-yklm3agahq 10

08-11-2022 19:00

221108-xn2m1scfg4 3

Sharing

General

Target

Scan_Document4852-(Nov8).iso
Size

1.0MB
Sample

221108-yklm3agahq
MD5

bf64419cd700304a2b025571f1663bc0
SHA1

2b3ac60c3ace02bc7149b21b1fabe3ed8574e59c
SHA256

886eb38e77b5d5201507670852dd35b0c52ca09794f1e4dd2921b75453ce924c
SHA512

46812da6ecb036749dbf1efbc5afa98da5add5b6fe60a94d51e440a7bc7f3ffa3b23c4d418532f8c94455be26c33a241391fd9a3b4e5205b60b8c17bb4579398
SSDEEP

24576:4ZDtIk9GUX8zVzpSZe1Sn7xbRHCaGOGZ3Sz3y/0F+:mDtjBkwe1sdCaGp94Co

Score

10^/10

bumblebee 0811r trojan

Malware Config

Extracted

Family

bumblebee

Botnet

0811r

C2

176.223.165.108:443

146.19.253.28:443

146.70.149.38:443

rc4.plain

Targets

- Target
  
  Scan_Document4852-(Nov8).iso
- Size
  
  1.0MB
- MD5
  
  bf64419cd700304a2b025571f1663bc0
- SHA1
  
  2b3ac60c3ace02bc7149b21b1fabe3ed8574e59c
- SHA256
  
  886eb38e77b5d5201507670852dd35b0c52ca09794f1e4dd2921b75453ce924c
- SHA512
  
  46812da6ecb036749dbf1efbc5afa98da5add5b6fe60a94d51e440a7bc7f3ffa3b23c4d418532f8c94455be26c33a241391fd9a3b4e5205b60b8c17bb4579398
- SSDEEP
  
  24576:4ZDtIk9GUX8zVzpSZe1Sn7xbRHCaGOGZ3Sz3y/0F+:mDtjBkwe1sdCaGp94Co
Score

10^/10

bumblebee 0811r trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

bumblebee0811rtrojan