Resubmissions

08-11-2022 20:42

221108-zhe8yahgbp 10

08-11-2022 20:40

221108-zf9prsgba6 1

General

  • Target: b14b08606efdfb052c74f392064fd83b-sample.zip
  • Size: 1.2MB
  • Sample: 221108-zhe8yahgbp
  • MD5: b339586973873e3229419436ed16e09a
  • SHA1: ff5b2b9cb02d0d7ed3e6385510cfda49eb2630f4
  • SHA256: d6440698e326bcb1ae283c425e803ef4a55af495e40dae44a0bc3bd1f9d29c87
  • SHA512: 9ec078c0ac848474f535309a303ee039b3ca2e6caf730155a91de3290f2f761220ba8b2c980d54557658b2c4c1e40d862f1e0ae664c9ad80f8836a5d6ed81ac1
  • SSDEEP: 24576:gcp/I9LvRdQR4uVRTMJXXOWiLS8c5Ivrt8YQpozXxRN3KQ9d:gcp/k9dQR4uPTMd/TIviYhxfD

Score
10/10

Malware Config

Extracted

  • Family: bumblebee
  • Botnet: 0811r
  • C2:
    176.223.165.108:443
    146.19.253.28:443
    146.70.149.38:443
  • rc4.plain

Targets

    • Target: Document_5299_Scan_(Nov8).html
    • Size: 1.8MB
    • MD5: a46b05a1216a108488b58928479511be
    • SHA1: a25dfbf1575d84052bf0c626847c82d74cbc7849
    • SHA256: 2452568dc5962012a3c2e30223a0ca5e0d64013292f9690d00c2171020f8614a
    • SHA512: bd86ec6030b715255df556a451c15880eea7b7b471e44f042b8092c6882c38c65fd56c266e9d93d62cad22c386ed92d5a52ecff57144faa4ae3cb3cbd41fef08
    • SSDEEP: 24576:N2XNH1C8Q24oABK7UhqQiWlQPbFIZqbOXHFaT/OdBowgTIF/rxK8rvp+sJTq0ngG:E9VCHZBKiqp2iEaq0/Elg8rR+Kq8

    Score
    10/10
    • BumbleBee

      BumbleBee is a webshell malware written in C++.

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of NtCreateThreadExHideFromDebugger

MITRE ATT&CK Enterprise v6

Tasks