bumblebee | c99d8022ba102c4152c0bb445a4cb90616bf77d9ad329432cacbe1243068bd5f | Triage

Submit
Reports

Overview

overview

Static

static

uk1108.xlsm

windows7-x64

1

uk1108.xlsm

windows10-2004-x64

Sharing

General

Target

uk1108.xlsm
Size

56KB
Sample

221109-pbfk1sggd3
MD5

fed5ca25e44378f5d0855ff53471a0fd
SHA1

07e15c01242644b8ba067e19dc5e2cda116ad66d
SHA256

c99d8022ba102c4152c0bb445a4cb90616bf77d9ad329432cacbe1243068bd5f
SHA512

2bbf20c069db84df6fc6bba863e5942b4c4289b026ba23dd1b8dc88078871f1e891fa6828d97c03af03f465af8499080b31150f2574298af500517821730be28
SSDEEP

768:m9x5Mu+xWpt1J3S5f3v4Jfa3ODVs3KnooaRHIuZVvgEeqI54f5Wl:eHMu+xWLC5/wJi3eVsdtLVvm+0l

Score

10^/10

bumblebee 0411r trojan

Static task

static1

Behavioral task

behavioral1

Sample

uk1108.xlsm

Resource

win7-20220812-en

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

uk1108.xlsm

Resource

win10v2004-20220812-en

bumblebee 0411r trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

bumblebee

Botnet

0411r

C2

172.86.121.123:443

176.223.165.125:443

45.66.248.216:443

rc4.plain

Targets

- Target
  
  uk1108.xlsm
- Size
  
  56KB
- MD5
  
  fed5ca25e44378f5d0855ff53471a0fd
- SHA1
  
  07e15c01242644b8ba067e19dc5e2cda116ad66d
- SHA256
  
  c99d8022ba102c4152c0bb445a4cb90616bf77d9ad329432cacbe1243068bd5f
- SHA512
  
  2bbf20c069db84df6fc6bba863e5942b4c4289b026ba23dd1b8dc88078871f1e891fa6828d97c03af03f465af8499080b31150f2574298af500517821730be28
- SSDEEP
  
  768:m9x5Mu+xWpt1J3S5f3v4Jfa3ODVs3KnooaRHIuZVvgEeqI54f5Wl:eHMu+xWLC5/wJi3eVsdtLVvm+0l
Score

10^/10

bumblebee 0411r trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Downloads MZ/PE file
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

bumblebee0411rtrojan

© 2018-2025

Terms | Privacy