bumblebee | e731a9904849499018e7761354c7eee9ffd8bd68f32a4eaad75311e342066ac7 | Triage

Sharing

General

Target

Desktop.zip
Size

760KB
Sample

221117-y2qncabe7z
MD5

9fa8d5808b8bb6544743384e10bf7c98
SHA1

7e8ed38a8bcf814fcce7694d88c2bba0cb4aef9a
SHA256

e731a9904849499018e7761354c7eee9ffd8bd68f32a4eaad75311e342066ac7
SHA512

fb0c384c1a482f939e46c57bbf32e962f67d5ef1e16ea9cbc8ca9e400385660fc7e42e3bf7dac2e76f3658738a6eb56193526ee2250ec876410706aca965738a
SSDEEP

12288:zAgrDb1wpVZnF1tEb0bA+ED9r9cvH3yht+YVDA3yLYKMID2Qf:zAADb1w5zgo5caviht+YVJEKHf

Score

10^/10

bumblebee 1711 trojan

Malware Config

Extracted

Family

bumblebee

Botnet

1711

C2

193.200.16.175:443

54.37.130.195:443

64.44.97.58:443

rc4.plain

Targets

- Target
  
  DyNNDCUAhTtInE.bat
- Size
  
  965B
- MD5
  
  b6726f389f6192bb504b25d644177e3e
- SHA1
  
  a33967710afae845d5eada41676719960cc45c18
- SHA256
  
  7738c3502abeefb6d032cc88768c4d6370bc1fd250b2c9575646de56c463d721
- SHA512
  
  08da51dd0e0b834e11d23a6fc040af31a90b575a2b8d4603820ab01017af3018a37c25b1072a1eb89e5c0463c6cb0846f597316631a2755b2202961c08905d95
Score

10^/10

bumblebee 1711 trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Blocklisted process makes network request
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral1 behavioral2
- Target
  
  aBZbMXVgKCtmcQ.dll
- Size
  
  971KB
- MD5
  
  6b4fa6726408b86d6c333ae84cb7bbd8
- SHA1
  
  cb369faa465918e8c88fe9eae9c6f4fec5045dc0
- SHA256
  
  10acbfaf8c4cb43320e5bf75c817ddc57cb21ae74a59b40dfbee8da924027d06
- SHA512
  
  84e0e031766d630b8143817fb9635fac45c97a3ea6a3374f5ab8562a904c6984df225503ebf6a059f67bc704d165b0ee159e383218daa28d3d21368963d5f62f
- SSDEEP
  
  24576:fiSyxKLkWI3do0gTN39pTs/85igpszAMCRdIW:KSyoLtWG0+s/85rOze0
Score

3^/10
behavioral3 behavioral4
- Target
  
  project details.lnk
- Size
  
  995B
- MD5
  
  8c58b17748b7acd6158f3d604997e591
- SHA1
  
  8501dd4d0f7ff82474e01faa3201e3fc03a14fd0
- SHA256
  
  91dd90e5cfd696089fce2e79f4caacd691fd6488ca2ff821bb1b740805826b94
- SHA512
  
  355a641308634de1fbfbf7300de3736c39f9fa233a59589f70ec1c051e08ad2a495c4e6c962e9aa130a5a741ba79ad9e3367e78ebc43cdcc32e39ac8f5f37c52
Score

10^/10

bumblebee 1711 trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bumblebee1711trojan

behavioral2

bumblebee1711trojan

behavioral3

behavioral4

behavioral5

bumblebee1711trojan

behavioral6

bumblebee1711trojan