bumblebee | 1abbd122b009686bc66012aa19b7fca739ee09c131049acb03424c2bcf58b72a | Triage

Sharing

General

Target

221108-xr16naefaq_pw_infected.zip
Size

820KB
Sample

221109-hnmrjaeec8
MD5

49141315838c872171204fc3e4b17a52
SHA1

c21f7283b60d506bcbee0546f21ac4cb4f47c3f1
SHA256

1abbd122b009686bc66012aa19b7fca739ee09c131049acb03424c2bcf58b72a
SHA512

6f74a6a2826bd16716095a6fb0480e8b256a3e783cfa80bccf3aed98a62d5f06897413ad01d57b36385c62a636b91135dad26c4f64595953738f5166d6c78cdf
SSDEEP

24576:CzpfxeBrtyM0BRZEr1aH/e6mHqc952iZ+Rqnxd:Apfxc4lB/Er1aHm6mKcSomqxd

Score

10^/10

bumblebee 0811 trojan

Malware Config

Extracted

Family

bumblebee

Botnet

0811

C2

104.219.233.127:443

192.236.194.101:443

146.70.161.82:443

rc4.plain

Targets

- Target
  
  XAnbADuUedJlBE.bat
- Size
  
  1KB
- MD5
  
  8ae47905093ff8acd0fc3f023a30bbdc
- SHA1
  
  184fc76e91488b8ad5b3041153ba8d9a98eafc07
- SHA256
  
  7dfb2ecf76c386504119056d20f3a65d83f7bb3f297e2f63aa63b2e205c72105
- SHA512
  
  24e7ad5726e69f160dee69d103f6674bf929813763d1d2ae46bdd6132b3e8851de67c8171a53223a05dd1fcc9823becaefd108b7db8ab185d2a8bc8a3b150346
Score

10^/10

bumblebee 0811 trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Blocklisted process makes network request
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral1 behavioral2
- Target
  
  project details.lnk
- Size
  
  995B
- MD5
  
  602cd18f1efe7bb632476465912c9b1c
- SHA1
  
  a2f5f20df297f37fc2bb90156db971a3092b3427
- SHA256
  
  6fb4c22af244bdf6cb2bb520086dd48c01ba547f11b57ffd6c7f6c9aa09af639
- SHA512
  
  6810bcc2503ef14e42ce6997463375d7c92431774dc0afc22a2e7c5bfb7e1bdb7facaf1b91549c108fc10a4ae7623aa5c0178aad291d70cc30a76f6e495d59d4
Score

10^/10

bumblebee 0811 trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral3 behavioral4
- Target
  
  uDzpJZuAIMIPqQ.dll
- Size
  
  974KB
- MD5
  
  05454e5374dc8aa66f06cab516557b45
- SHA1
  
  6c8d798ad2e97ca2faead871cab67f827d6ac62a
- SHA256
  
  90162de4666cd086ae4ee6688a5a714fd152c6dbc14afee56fc2ae46bdfe8269
- SHA512
  
  5be5549df3c5eebdf13bdb7386294d11bb45bccb5ff3fb4a94abf324128bcca2dfb3029a8150d687423f5c1da36cdfc0debaf56165c28d08169a1be58ce32775
- SSDEEP
  
  24576:cfKDb7MIZeTdPvtbgNshxE42cHeZpuDAa34u4vvDcN:4qvE3Vg6J2c+ikDbvYN
Score

3^/10
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bumblebee0811trojan

behavioral2

bumblebee0811trojan

behavioral3

bumblebee0811trojan

behavioral4

bumblebee0811trojan

behavioral5

behavioral6