General

  • Target

    newfile43.xlsm

  • Size

    56KB

  • Sample

    221110-gwn4wshbgm

  • MD5

    042d1ae5cc4063907200d18f59e4410e

  • SHA1

    2244f8d0d336801b2280cec5c47c08c5119d8be1

  • SHA256

    71a31230604bf678a60842f7625912b27270972f1e9b0e76ea21848ee50be9d4

  • SHA512

    e7a3fb9c73e02e0f0e59b212b33eb15adf0ef8447be9498f9ccafc4eaccd41a28e68070c2d7317ed3d5c8c5b1933eeb51446dff4818166752f845f95e33370ed

  • SSDEEP

    768:m9x2KUlxWpt1J3S5f3v4Jfa3ODVs3KnooaRHIuZVvZbV1sNl1A6u4:eHUlxWLC5/wJi3eVsdtLVvT1US4

Score
10/10

Malware Config

Extracted

Family

bumblebee

Botnet

0411r

C2

172.86.121.123:443

176.223.165.125:443

45.66.248.216:443

rc4.plain

Targets

    • Target

      newfile43.xlsm

    • BumbleBee

      BumbleBee is a webshell malware written in C++.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Suspicious use of NtCreateThreadExHideFromDebugger

MITRE ATT&CK Enterprise v6