bumblebee | e107a5182ba2130a4f46d2825e5acf8f6e847c9beef055eead5baafbf86731f0 | Triage

Sharing

General

Target

TA580_transfernow_20221114.zip
Size

703KB
Sample

221114-wp2tqshb6v
MD5

3be72c8ac62a54d74cdd1da777e1262e
SHA1

d8cc1bbc80d81860db8f6d185c2ee7c5db49a06b
SHA256

e107a5182ba2130a4f46d2825e5acf8f6e847c9beef055eead5baafbf86731f0
SHA512

d21f8a63b116ee2601ce8bc472b684aceebf723843825810040927cbe57304a53940adaf88b9d45e485cbd3cbbd17e5a15a8a6c20f62f3ea867d8c15cb5245bc
SSDEEP

12288:uzoAfqNxQWq3o/Zpub6EFUop8IrMsy4abT1aoDnTpCJyb7Yln17qDqp+P0gd:CNf7o/Zp2fF9hsbgkTpCJyb7Yl1f+ld

Score

10^/10

bumblebee 1411 trojan

Malware Config

Extracted

Family

bumblebee

Botnet

1411

C2

107.189.13.247:443

64.44.102.241:443

54.37.130.24:443

rc4.plain

Targets

- Target
  
  TDGxENRMCBkgkc.bat
- Size
  
  1KB
- MD5
  
  372223c90e92c1bd3333eb5175375d10
- SHA1
  
  bb4892289f99f41a5a56e18db703149ea80040f6
- SHA256
  
  7a2b6dcdba0158d583d37512ddcfe816d31124c3234498a5910dac141869ffdd
- SHA512
  
  010a7cce6c6c91c3716ec3dadfabb534c65a2a9e07b429b42ac62b3bcce1748f69d998d46370c36e2dccdac8e393e7b1681dd0aa09102fa7e416fcb56f9c0c87
Score

10^/10

bumblebee 1411 trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Blocklisted process makes network request
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral1 behavioral2
- Target
  
  pFTLNjSsgkkKZo.dll
- Size
  
  878KB
- MD5
  
  07b711458d0b4240267f7e47b50075d1
- SHA1
  
  e2e9feb1b42562cb1f22685667f8299dcdf10042
- SHA256
  
  42a63fe8c0d8f9c2fa090a69d85f5e5b35beef468b58912db56c78dcde79a929
- SHA512
  
  68fe82b71fc8e063642653a57fd2fe5580c233f22a4b17b4e5fc95456c7c96cd23a389b614d8d225c33f174c376795e55ebb409159ed5473a4f5d005bd933434
- SSDEEP
  
  24576:9IRXooWOMQ4569PPkHHPplBDVaYRxH6df30Ra2HN7:9I5XWOZw6hMnBlbamH6dc1N7
Score

10^/10

bumblebee 1411 trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Blocklisted process makes network request
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral3 behavioral4
- Target
  
  project details.lnk
- Size
  
  995B
- MD5
  
  df5a41f7e317853827d382e4571d0080
- SHA1
  
  567a29d53d0ec6cdceef71ce3ae5b5c422a00035
- SHA256
  
  608900fe841dcedc2dceae20834ed1d492fd0e7625be681c0f608cafe830bd1b
- SHA512
  
  b827a09d0b26478b9c8219440e9492e02b618ee9685c2afd7895aed6fb0cc042287264581e1432577e48e7a01b33c97d77b8948aeef62b79d20e0785c8c4ca2b
Score

10^/10

bumblebee 1411 trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bumblebee1411trojan

behavioral2

bumblebee1411trojan

behavioral3

bumblebee1411trojan

behavioral4

bumblebee1411trojan

behavioral5

bumblebee1411trojan

behavioral6

bumblebee1411trojan