bumblebee | 44ed83c8c4c46d8311989ee46ee8cf044c709cccf89580b1758b21091fc44193 | Triage

Sharing

General

Target

malicious.zip
Size

706KB
Sample

221115-dbyk2sba6s
MD5

b45e695ce9b1bb999bf80b27aadd9dbb
SHA1

5de4f8b62c313d164ec135c5369eb7791b550e63
SHA256

44ed83c8c4c46d8311989ee46ee8cf044c709cccf89580b1758b21091fc44193
SHA512

fd66b8e674a5cd274cef7a9ebdfc8c87daf201dc012d37294b11be40b3e3333a040e4521ef0516682386e3a008ad1f82d20e25057ced5d7bd5cac3daeae975f5
SSDEEP

12288:2xFjsWrpXktPmn7TjPG6JsfVr+1iM9qEs9Jr/FsZ/KLbgOk6uMmQ/QlSoyyFg0fH:2x7V4PWTjuisfVui5L9Jr/6ugH6uqYlb

Score

10^/10

bumblebee 1411 trojan

Malware Config

Extracted

Family

bumblebee

Botnet

1411

C2

107.189.13.247:443

64.44.102.241:443

54.37.130.24:443

rc4.plain

Targets

- Target
  
  malicious/HUeLjsrbrChRXV.bat
- Size
  
  1KB
- MD5
  
  834daa3583a380ed808b4b3f7cc53744
- SHA1
  
  70d878eff559dc9af26e2a3f27defa58a21a69b9
- SHA256
  
  344ec9189a2b37185cd0e5fa8c06b47daa10040fcc47e75d592e5e49874e8412
- SHA512
  
  6bb7c2740f0dd07a930935a0b683315fd6ce3645f44086fa326f80b309cd946778f2b7365b910c9b101e6a4a21866e4c4d2cc6a856243de47d7506ffdae019a1
Score

10^/10

bumblebee 1411 trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Blocklisted process makes network request
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral1
- Target
  
  malicious/eXrZsNsGUlguMh.dll
- Size
  
  879KB
- MD5
  
  e898a8e758c6d5c8b187f3eeb136cbd2
- SHA1
  
  f7754fc36454c07ff7eda9845e3c615e419f804a
- SHA256
  
  3eebf8c9fa461f01a64d8d95bc5ec7dc3459f7c141f903f1cb6da7d77c4837b9
- SHA512
  
  e7dd7e9a2db71fa82846b460840bf22863aedb464dc65c71065993e33eda637e5901f2baf7503aae4d02831f59a7c90b616df8ef1a8e49609e3431b96435c45a
- SSDEEP
  
  24576:hnVr8xZQgnKd0b7/dfpgHiMequAvD2D6:hnVgEcK0/lJquF6
Score

10^/10

bumblebee 1411 trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Blocklisted process makes network request
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral2
- Target
  
  malicious/project details.lnk
- Size
  
  995B
- MD5
  
  ec8f76a02f7125a76f3c0413d95a0bda
- SHA1
  
  56a33acc112261c0c4a4f0e1d730688e08a13464
- SHA256
  
  d2f0c9e1c6763b2c92f934df6870e69df0143f5d9fa55a0a042e1cde13b888ff
- SHA512
  
  96374f8aef55f43095b4b614abb9066e922e0cbdacad00732ee0a20a1e4cbc30876831a6b2c7dbe83216680c2313b5952f55f232b4b675522a289d36b086f549
Score

10^/10

bumblebee 1411 trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Blocklisted process makes network request
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral3

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bumblebee1411trojan

behavioral2

bumblebee1411trojan

behavioral3

bumblebee1411trojan