bumblebee | 8ef540dba9d6f21332f766ea513a8bd249c346773ae58106d7682ce40bb37e0e | Triage

Sharing

General

Target

104-221.7z
Size

634KB
Sample

221110-mg7kkshac8
MD5

093eeb89086248a3c9fb8a704325f26a
SHA1

0329a83b7eb087e803b09f1febe3d6b53d26567f
SHA256

8ef540dba9d6f21332f766ea513a8bd249c346773ae58106d7682ce40bb37e0e
SHA512

0705a3fc36f6b276783cf7da4382f8e1fd8f67102f93ce8cf3fb466edc3c3bfa34a942ee70f6f43be5491373996c3b0d4a295f07b6b78aaf917fd82f6454e646
SSDEEP

12288:AMS/DL8hjwEDS4eWIZV6iuhjb0daLI6kNTgeatunU1U5aydwpkieGrjtF:AMS/DYhjweS4eNr9uSoGNHa8U1U5aydM

Score

10^/10

bumblebee 0311t2 trojan

Malware Config

Extracted

Family

bumblebee

Botnet

0311t2

C2

39.65.8.170:443

103.144.139.156:443

107.189.30.231:443

91.245.254.101:443

194.135.33.127:443

rc4.plain

Targets

- Target
  
  ini.bat
- Size
  
  54B
- MD5
  
  1569f10208cb9da7614262b3a8218ee0
- SHA1
  
  8af330c88518cd43ba9cd509f5a7c894c4c95018
- SHA256
  
  f418b9c6fbca29c793d0c114b792caea62da10090b4b0cc5b9541af10dc9c874
- SHA512
  
  f0711d61100bafdd70bae19be085436dfce697ecef1e13c6eb4be5cc597843cd5deb6a4230a38aa0f68a8b60586819cd5f09d36d8a1c54530a6d61fce57e8af1
Score

10^/10

bumblebee 0311t2 trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Blocklisted process makes network request
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

bumblebee0311t2trojan

behavioral2

bumblebee0311t2trojan