bumblebee | 0b98bff25ebce8053e2c39214b3622b8d8666ae416afb52c5842312f27a6914f | Triage

Sharing

General

Target

aGySCShDWxUsAj.dll.exe
Size

881KB
Sample

221115-f1ewcabd8v
MD5

1233a723ebdece80cb592aa584510066
SHA1

d52fe73050ba2b765dde5038db762b183641aee8
SHA256

0b98bff25ebce8053e2c39214b3622b8d8666ae416afb52c5842312f27a6914f
SHA512

69a8c85c71cc2450c336ee7f50bc00de8d4c953dcd8c7a34c87ab14db5a23a15bae7a87fb86923f54ddb4efcd518885f9b4c99d85738eeac0e349b4cffd90f43
SSDEEP

24576:1GpCocuZdWdqF9krwNlW5HtTPVEbzedDRSpN:1Gvcldqjkz5Nj+bz4DRSn

Score

10^/10

bumblebee 1411 trojan

Malware Config

Extracted

Family

bumblebee

Botnet

1411

C2

107.189.13.247:443

64.44.102.241:443

54.37.130.24:443

rc4.plain

Targets

- Target
  
  aGySCShDWxUsAj.dll.exe
- Size
  
  881KB
- MD5
  
  1233a723ebdece80cb592aa584510066
- SHA1
  
  d52fe73050ba2b765dde5038db762b183641aee8
- SHA256
  
  0b98bff25ebce8053e2c39214b3622b8d8666ae416afb52c5842312f27a6914f
- SHA512
  
  69a8c85c71cc2450c336ee7f50bc00de8d4c953dcd8c7a34c87ab14db5a23a15bae7a87fb86923f54ddb4efcd518885f9b4c99d85738eeac0e349b4cffd90f43
- SSDEEP
  
  24576:1GpCocuZdWdqF9krwNlW5HtTPVEbzedDRSpN:1Gvcldqjkz5Nj+bz4DRSn
Score

10^/10

bumblebee 1411 trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Blocklisted process makes network request
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

bumblebee1411trojan

behavioral2

bumblebee1411trojan