bumblebee | 7cf7b8e58c5955697c7de6b8d90936ba16fde52e1004c5854ad5b2a731b8a7b0 | Triage

Resubmissions

11-11-2022 01:35

221111-bzzrxagac6 10

10-11-2022 13:29

221110-qrhkzscbcm 10

Sharing

General

Target

newfile42.xlsm
Size

56KB
Sample

221110-qrhkzscbcm
MD5

8627921983baab8f93b6150dd57f16a5
SHA1

4d17d0b708cb3545da5473b12be81d5942e8c757
SHA256

7cf7b8e58c5955697c7de6b8d90936ba16fde52e1004c5854ad5b2a731b8a7b0
SHA512

7e6a37449c5bd9a3c5c8859b6c12793c7c0a0b8234486891debbe64cca97cf1c3534912cf1bf1999e8319265d824f12eb492c469aee2917734b954713e652213
SSDEEP

768:m9xgHyxWpt1J3S5f3v4Jfa3ODVs3KnooaRHIuZVvu4hBv5FEwsE:eiyxWLC5/wJi3eVsdtLVvFhBBy/E

Score

10^/10

bumblebee 0411r trojan

Malware Config

Extracted

Family

bumblebee

Botnet

0411r

C2

172.86.121.123:443

176.223.165.125:443

45.66.248.216:443

rc4.plain

Targets

- Target
  
  newfile42.xlsm
- Size
  
  56KB
- MD5
  
  8627921983baab8f93b6150dd57f16a5
- SHA1
  
  4d17d0b708cb3545da5473b12be81d5942e8c757
- SHA256
  
  7cf7b8e58c5955697c7de6b8d90936ba16fde52e1004c5854ad5b2a731b8a7b0
- SHA512
  
  7e6a37449c5bd9a3c5c8859b6c12793c7c0a0b8234486891debbe64cca97cf1c3534912cf1bf1999e8319265d824f12eb492c469aee2917734b954713e652213
- SSDEEP
  
  768:m9xgHyxWpt1J3S5f3v4Jfa3ODVs3KnooaRHIuZVvu4hBv5FEwsE:eiyxWLC5/wJi3eVsdtLVvFhBBy/E
Score

10^/10

bumblebee 0411r trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Downloads MZ/PE file
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

bumblebee0411rtrojan