bumblebee | e4a011517eeb68f8c76e39a7d760454cb47a8b45a83453a18c8814706c758bbc | Triage

Sharing

General

Target

img.img
Size

2.0MB
Sample

221109-s9dqvsbfbj
MD5

124287ed57e94dc2789efb4a92c5423b
SHA1

15926067aa84318dcb8591e3a6e105f3e7d21663
SHA256

e4a011517eeb68f8c76e39a7d760454cb47a8b45a83453a18c8814706c758bbc
SHA512

60096e0cc1cd82ba0d8f4d5b44e511bb21e438f0de28ea1244683dbb9d82b07e8bf5312553d95ec6567074ae60a9610232b77b591e95779fd1289bfc037ccf48
SSDEEP

24576:CIoU6IqOguEm4hw7FElkbaapvI++0MdkLwjhE:MUvg+4K7FElkbaauMw+

Score

10^/10

bumblebee 0911i trojan

Malware Config

Extracted

Family

bumblebee

Botnet

0911i

C2

64.44.101.25:443

146.70.100.80:443

51.83.225.143:443

rc4.plain

Targets

- Target
  
  img.img
- Size
  
  2.0MB
- MD5
  
  124287ed57e94dc2789efb4a92c5423b
- SHA1
  
  15926067aa84318dcb8591e3a6e105f3e7d21663
- SHA256
  
  e4a011517eeb68f8c76e39a7d760454cb47a8b45a83453a18c8814706c758bbc
- SHA512
  
  60096e0cc1cd82ba0d8f4d5b44e511bb21e438f0de28ea1244683dbb9d82b07e8bf5312553d95ec6567074ae60a9610232b77b591e95779fd1289bfc037ccf48
- SSDEEP
  
  24576:CIoU6IqOguEm4hw7FElkbaapvI++0MdkLwjhE:MUvg+4K7FElkbaauMw+
Score

10^/10

bumblebee 0911i trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bumblebee0911itrojan