bumblebee | c80de52d42e21278610b0516bfcf4ebda136a5696af3f60a5e5782911e4276d0 | Triage

Sharing

General

Target

TA580_20221114.zip.zip
Size

705KB
Sample

221114-vt7p4sha5y
MD5

51802b7dc8c222fa974cdeff75445636
SHA1

2fc4119f12bae72d491258a6cff4c4fe66279db3
SHA256

c80de52d42e21278610b0516bfcf4ebda136a5696af3f60a5e5782911e4276d0
SHA512

cac5499b99ec4cfab40a38250980982304a2356a935f69ca5c8235a5377b6e247e33bf082dafcedf41ab2feb512b38d59a29025d44e99488abb91e6461367b5a
SSDEEP

12288:gXrjOlv7O4FMUEPKkoOtKuOeR/LdLLqZ3pcBr1yivh26d9+HFXgD3uFOJDt:OrahTMUEyko5M/BLLg3SKivh2G90m+Fo

Score

10^/10

bumblebee 1411 trojan

Malware Config

Extracted

Family

bumblebee

Botnet

1411

C2

107.189.13.247:443

64.44.102.241:443

54.37.130.24:443

rc4.plain

Targets

- Target
  
  TA580_20221114.zip/DDmEtxgXtOVOLY.bat
- Size
  
  1KB
- MD5
  
  7d3bc8f7c05afe9f898ba052bd77d0ac
- SHA1
  
  59dee82b4be9a3d67a86cef3fea439b5c1f4e3ac
- SHA256
  
  71eb244220efc90f4a4a272117e00b9f7e975758b3c3bd1fc4cc28fae58173e5
- SHA512
  
  322dc1afb53d19f9cfe90951ea543241e29d34c51fe4d0e6bd23da46d778b489285debf3dd594f8e5007c511341e4515f14a521822009cc2864ca82773537075
Score

10^/10

bumblebee 1411 trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Blocklisted process makes network request
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral1 behavioral2
- Target
  
  TA580_20221114.zip/aGySCShDWxUsAj.dll
- Size
  
  881KB
- MD5
  
  1233a723ebdece80cb592aa584510066
- SHA1
  
  d52fe73050ba2b765dde5038db762b183641aee8
- SHA256
  
  0b98bff25ebce8053e2c39214b3622b8d8666ae416afb52c5842312f27a6914f
- SHA512
  
  69a8c85c71cc2450c336ee7f50bc00de8d4c953dcd8c7a34c87ab14db5a23a15bae7a87fb86923f54ddb4efcd518885f9b4c99d85738eeac0e349b4cffd90f43
- SSDEEP
  
  24576:1GpCocuZdWdqF9krwNlW5HtTPVEbzedDRSpN:1Gvcldqjkz5Nj+bz4DRSn
Score

10^/10

bumblebee 1411 trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Blocklisted process makes network request
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral3 behavioral4
- Target
  
  TA580_20221114.zip/project details.lnk
- Size
  
  995B
- MD5
  
  36c88fc4dad628187c082ebd899d448e
- SHA1
  
  6e27840f65ed3cc3c2b7af6778219e8681e3ec7a
- SHA256
  
  e420fc11b53ca2553521adf57668118b494cee687f54f64e79a5558f7a34c30f
- SHA512
  
  7709b7f348b56889a579da6b4efcc52d73372f3bcc4e0a93c721f6fb76540fc26f2f4aabad36385d291ef804e95efff9dc20bd7bc4e468117cfa29dd47ace6b5
Score

10^/10

bumblebee 1411 trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bumblebee1411trojan

behavioral2

bumblebee1411trojan

behavioral3

bumblebee1411trojan

behavioral4

bumblebee1411trojan

behavioral5

bumblebee1411trojan

behavioral6

bumblebee1411trojan