bumblebee | 18810249d8c67ac8926613e773e1c5e40449be55c595116dce99bb35004de374 | Triage

Sharing

General

Target

18810249d8c67ac8926613e773e1c5e40449be55c595116dce99bb35004de374.hta
Size

96KB
Sample

221114-qt6etsgb9y
MD5

24432d480bb9d709ab25209a630cb203
SHA1

42a30be9fb069c43ef06fb9acb47909d9dab8cef
SHA256

18810249d8c67ac8926613e773e1c5e40449be55c595116dce99bb35004de374
SHA512

be12606eec050d7c9073c9e36ddbb18b3d69a12dc5823a601b089729640abeeb5e6a7a2ac07131198c468ae96366ef95274409573ebf771a97678d30e049a04a
SSDEEP

1536:v9Q2Ca7Qr8FYoV+iUpQCe9WRhIHt/7YZ1f:v9QTa7Qr8FYc+iUkgYJUnf

Score

10^/10

bumblebee 1011t1 trojan

Malware Config

Extracted

Family

bumblebee

Botnet

1011t1

C2

64.44.135.140:443

103.144.139.150:443

146.70.149.43:443

rc4.plain

Targets

- Target
  
  18810249d8c67ac8926613e773e1c5e40449be55c595116dce99bb35004de374.hta
- Size
  
  96KB
- MD5
  
  24432d480bb9d709ab25209a630cb203
- SHA1
  
  42a30be9fb069c43ef06fb9acb47909d9dab8cef
- SHA256
  
  18810249d8c67ac8926613e773e1c5e40449be55c595116dce99bb35004de374
- SHA512
  
  be12606eec050d7c9073c9e36ddbb18b3d69a12dc5823a601b089729640abeeb5e6a7a2ac07131198c468ae96366ef95274409573ebf771a97678d30e049a04a
- SSDEEP
  
  1536:v9Q2Ca7Qr8FYoV+iUpQCe9WRhIHt/7YZ1f:v9QTa7Qr8FYc+iUkgYJUnf
Score

10^/10

bumblebee 1011t1 trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

bumblebee1011t1trojan