bumblebee | 42a63fe8c0d8f9c2fa090a69d85f5e5b35beef468b58912db56c78dcde79a929 | Triage

Sharing

General

Target

42a63fe8c0d8f9c2fa090a69d85f5e5b35beef468b58912db56c78dcde79a929.exe
Size

878KB
Sample

221125-a47smsae85
MD5

07b711458d0b4240267f7e47b50075d1
SHA1

e2e9feb1b42562cb1f22685667f8299dcdf10042
SHA256

42a63fe8c0d8f9c2fa090a69d85f5e5b35beef468b58912db56c78dcde79a929
SHA512

68fe82b71fc8e063642653a57fd2fe5580c233f22a4b17b4e5fc95456c7c96cd23a389b614d8d225c33f174c376795e55ebb409159ed5473a4f5d005bd933434
SSDEEP

24576:9IRXooWOMQ4569PPkHHPplBDVaYRxH6df30Ra2HN7:9I5XWOZw6hMnBlbamH6dc1N7

Score

10^/10

bumblebee 1411 trojan

Malware Config

Extracted

Family

bumblebee

Botnet

1411

C2

107.189.13.247:443

64.44.102.241:443

54.37.130.24:443

rc4.plain

Targets

- Target
  
  42a63fe8c0d8f9c2fa090a69d85f5e5b35beef468b58912db56c78dcde79a929.exe
- Size
  
  878KB
- MD5
  
  07b711458d0b4240267f7e47b50075d1
- SHA1
  
  e2e9feb1b42562cb1f22685667f8299dcdf10042
- SHA256
  
  42a63fe8c0d8f9c2fa090a69d85f5e5b35beef468b58912db56c78dcde79a929
- SHA512
  
  68fe82b71fc8e063642653a57fd2fe5580c233f22a4b17b4e5fc95456c7c96cd23a389b614d8d225c33f174c376795e55ebb409159ed5473a4f5d005bd933434
- SSDEEP
  
  24576:9IRXooWOMQ4569PPkHHPplBDVaYRxH6df30Ra2HN7:9I5XWOZw6hMnBlbamH6dc1N7
Score

10^/10

bumblebee 1411 trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Blocklisted process makes network request
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

bumblebee1411trojan

behavioral2

bumblebee1411trojan