General

  • Target

    Document_1519.iso

  • Size

    978KB

  • Sample

    221124-lt2peseh23

  • MD5

    3813e61ca092cdbf36d948d5db48e1a8

  • SHA1

    3fab0c00e5b7308be0f6c2222d8895378bc2d372

  • SHA256

    68c45ecdd246af91511001d1e6cd8ba7dc28713663ba86386c942cc3af07a66a

  • SHA512

    131b59efbca833f0acf1ddad81e201b831be21927b26bc2b33bbb5083df9884953ec974b26c7ac7fc2952eb112b2ead79bcc83f7542fbed608ae2a77aea127f6

  • SSDEEP

    24576:NvDDsTC8SzD4CqlvwzB/HG0sA9XzjbJG6GMAR0D:NvDDsTSH4C2vwVB9Xzjt

Score
10/10

Malware Config

Extracted

Family

bumblebee

Botnet

0211r

C2

193.109.120.156:443

192.111.146.184:443

104.219.233.113:443

rc4.plain

Targets

    • Target

      Document.lnk

    • Size

      1KB

    • MD5

      969888603c58d1d746f7b5ef89092e9b

    • SHA1

      d676f058135af1ed3e711a386909c62222250105

    • SHA256

      fa3b0e4fc1bebd6e65607e08ce682a37aaada61eeeca1c40c5c269fea9d59712

    • SHA512

      61dd38d75c0e3ba91d9649e1d9758007d5bbf7455316e9c7c1ec4c2f8453a6f4e76ba385bff03abeb14c217259b8d33e623621857af2de72b578adb2caf9172f

    Score
    3/10

    • Target

      maidservant/heedlessness.dat

    • Size

      883KB

    • MD5

      0d8b2bd512ec93a266ffb0eead07cfdc

    • SHA1

      a9c4f7ef2e38f0051ea241cf3c0a9f16ecbad14e

    • SHA256

      4cd62e4c1642e835def5cc284a2f81b0124f0126719be659e6439d14fb17841d

    • SHA512

      c403b8f708d9b3eb49d1d6a07f20a00efdafd62c46655f3517515cd2cd2922ae86473d657676685b372b1fa04c9b38e22de8378c34548c275a7397af5d53f05b

    • SSDEEP

      24576:wvDDsTC8SzD4CqlvwzB/HG0sA9XzjbJG6GMAR0D:wvDDsTSH4C2vwVB9Xzjt

    Score
    10/10

    • BumbleBee

      BumbleBee is a malware loader written in C++; it is used to download and run follow-on payloads, not as a webshell.

    • Blocklisted process makes network request

    • Suspicious use of NtCreateThreadExHideFromDebugger (thread created with THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER, an anti-debugging technique)

    • Target

      maidservant/motherland.cmd

    • Size

      283B

    • MD5

      91b593f3b31583f5cb2be50cd1a8adc2

    • SHA1

      4b421e4e7237a0110386dea58af9132740c44716

    • SHA256

      f1cc4afe97ac1213e55d30f5b839ef13c93dd7b814de91ffcd1f8d34fed6f7ca

    • SHA512

      af2407f75298b1ef8780cb9c9abdeabdc9ba9ed06b3001ec29308288734a9602a2de1a4ed850c231341dc112fc853be1ccfabca688246259cc02f2b4c7150225

    Score
    1/10

    • Target

      maidservant/volcanically.bat

    • Size

      283B

    • MD5

      149d45fb10a288aea0567a6ff52e7b62

    • SHA1

      bdf1c1d3ce38251a7269a1aac067daa99c092136

    • SHA256

      2fead0387db9f29da3b1610e152df91da0500da018b299a1d8d011bbde70308a

    • SHA512

      d1cb22073131ad2568a69442d59437abcf60878e082f3132e008f17b9c83d84f0d756cb480494a4b1d87e693a6c9d475a628eeff5b3e03d9bef29cb5fc81472d

    Score
    1/10
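The chain listed above (ISO containing a 1KB Document.lnk, a .cmd/.bat pair and an 883KB .dat scored as BumbleBee) is the usual ISO -> LNK -> launcher layout, and the first triage question is what the shortcut actually runs. The following is an added example, not code from the sandbox or from this report: a stdlib-only parser for the Shell Link header and StringData section (MS-SHLLINK) that skips the optional LinkTargetIDList and LinkInfo blocks, plus a few heuristics for lure shortcuts. SAMPLE_LNK is constructed here as a hypothetical shortcut pointing at the report's motherland.cmd; the real Document.lnk's command line is not given in the report.

```python
"""Shell Link (.lnk) triage for ISO-delivered lures (added example)."""
import struct
import uuid

# LinkFlags bits (MS-SHLLINK 2.1.1)
HAS_ID_LIST, HAS_LINK_INFO, HAS_NAME = 0x01, 0x02, 0x04
HAS_RELATIVE_PATH, HAS_WORKING_DIR = 0x08, 0x10
HAS_ARGUMENTS, HAS_ICON_LOCATION, IS_UNICODE = 0x20, 0x40, 0x80
HEADER_SIZE = 0x4C
LINK_CLSID = uuid.UUID("00021401-0000-0000-C000-000000000046").bytes_le
SW_SHOWMINNOACTIVE = 7
LOLBINS = ("cmd.exe", "rundll32.exe", "powershell.exe", "wscript.exe",
           "cscript.exe", "mshta.exe", "regsvr32.exe")
STRING_FIELDS = ((HAS_NAME, "name"), (HAS_RELATIVE_PATH, "relative_path"),
                 (HAS_WORKING_DIR, "working_dir"), (HAS_ARGUMENTS, "arguments"),
                 (HAS_ICON_LOCATION, "icon_location"))


def parse_lnk(data: bytes) -> dict:
    """Return LinkFlags, ShowCommand and the StringData fields of a .lnk."""
    header_size, clsid, flags = struct.unpack_from("<I16sI", data, 0)
    if header_size != HEADER_SIZE or clsid != LINK_CLSID:
        raise ValueError("not a Shell Link file")
    show_command = struct.unpack_from("<I", data, 60)[0]   # ShowCommand sits at offset 60
    off = HEADER_SIZE
    if flags & HAS_ID_LIST:                                # IDListSize (2) + IDList
        off += 2 + struct.unpack_from("<H", data, off)[0]
    if flags & HAS_LINK_INFO:                              # LinkInfoSize counts itself
        off += struct.unpack_from("<I", data, off)[0]
    info = {"flags": flags, "show_command": show_command}
    for flag, key in STRING_FIELDS:                        # fixed order per the spec
        if not flags & flag:
            continue
        count = struct.unpack_from("<H", data, off)[0]     # CountCharacters, no terminator
        off += 2
        if flags & IS_UNICODE:
            info[key] = data[off:off + 2 * count].decode("utf-16-le")
            off += 2 * count
        else:
            info[key] = data[off:off + count].decode("cp1252")
            off += count
    return info


def triage(info: dict) -> list:
    """Heuristics for a shortcut used as an initial-access lure."""
    findings = []
    exe = info.get("relative_path", "").lower().rsplit("\\", 1)[-1]
    args = info.get("arguments", "")
    icon = info.get("icon_location", "").lower()
    if exe in LOLBINS:
        findings.append("target is a living-off-the-land binary: " + exe)
    if any(ext in args.lower() for ext in (".cmd", ".bat", ".dll", ".vbs", ".js")):
        findings.append("arguments run a script or DLL: " + args)
    if info["show_command"] == SW_SHOWMINNOACTIVE:
        findings.append("window starts minimised (SW_SHOWMINNOACTIVE)")
    if icon and not icon.endswith(exe):
        findings.append("icon borrowed from another file: " + icon)
    return findings


def build_lnk(relative_path, working_dir, arguments, icon_location,
              show_command=SW_SHOWMINNOACTIVE, id_list=b"") -> bytes:
    """Build a minimal Unicode .lnk (fixture helper, hypothetical content)."""
    flags = (HAS_RELATIVE_PATH | HAS_WORKING_DIR | HAS_ARGUMENTS
             | HAS_ICON_LOCATION | IS_UNICODE | (HAS_ID_LIST if id_list else 0))
    header = struct.pack("<I16sII", HEADER_SIZE, LINK_CLSID, flags, 0x20)  # FILE_ATTRIBUTE_ARCHIVE
    header += b"\0" * 24                                   # three zero FILETIMEs
    header += struct.pack("<IIIHHII", 0, 0, show_command, 0, 0, 0, 0)
    assert len(header) == HEADER_SIZE
    body = struct.pack("<H", len(id_list)) + id_list if id_list else b""

    def sd(text):  # CountCharacters + UTF-16LE characters
        return struct.pack("<H", len(text)) + text.encode("utf-16-le")

    return header + body + sd(relative_path) + sd(working_dir) + sd(arguments) + sd(icon_location)


# Constructed, hypothetical sample: a shortcut that launches cmd.exe against a
# companion script, as an ISO-delivered lure commonly does.
SAMPLE_LNK = build_lnk(
    r"..\..\..\Windows\System32\cmd.exe",
    ".",
    r"/c maidservant\motherland.cmd",
    r"%SystemRoot%\System32\shell32.dll",
)


def triage_bytes(data: bytes) -> list:
    return triage(parse_lnk(data))


if __name__ == "__main__":
    for line in triage_bytes(SAMPLE_LNK):
        print(line)
```

Run it against a real shortcut with `triage_bytes(open("Document.lnk", "rb").read())`; shortcuts that carry a LinkTargetIDList but no RelativePath will need the IDList decoded as well, which this parser deliberately skips.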
