bumblebee | e07d7854cce7ab3dcb02142f73f1e62bd711d6a47a2563902efa50236378f45d | Triage

Sharing

General

Target

20221129.zip
Size

723KB
Sample

221130-rw3x6acb7w
MD5

107b6994dfba180ee06c3b8a1e82fb02
SHA1

236822d45e31a48cd437dba378281372591c5ff2
SHA256

e07d7854cce7ab3dcb02142f73f1e62bd711d6a47a2563902efa50236378f45d
SHA512

ab9c2b77bf18d6eb90df02e7ea7fb5b790525e04deeda6aeab6d3509b407c3d40fbdb0d73ec100251643652675bc384540e23af584aca1834bfd6d676b9376a7
SSDEEP

12288:fSALnZSltHMa3+TT4gqxzvdDALUoL1GEii4DSvnHpxaFf0m9nQ:KALZktHMauwgqRvFALhBESPsfhQ

Score

10^/10

bumblebee 2811 trojan

Malware Config

Extracted

Family

bumblebee

Botnet

2811

C2

146.19.173.45:443

154.188.162.149:443

108.62.118.206:443

85.239.54.145:443

rc4.plain

Targets

- Target
  
  91903298998397.lnk
- Size
  
  979B
- MD5
  
  dc4124b4537c8a42508dfa8a46850578
- SHA1
  
  2e2be02dce5e8c42604693713f8bfd8e5e712284
- SHA256
  
  a3d2b659b9c1a077fed4b8a83bede2ba2eeb04bd27196b49d4d17350afd977a0
- SHA512
  
  ce4c6bce3b0335a7736eaee447d066c06e1aeeac4fb3de05d704fe9106d47f009f67a79078871d9a639b108d84887f8c858db3d945f6bce63e1243c975c9ed9b
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2
- Target
  
  energy.bat
- Size
  
  2KB
- MD5
  
  ea64c664cb61bb2150ffe024ba9faea5
- SHA1
  
  4408853714fffa586bc56508b2743a7f67766b69
- SHA256
  
  66c4c1467f55479771278a1fa70ee2d3ad02662d20cf9074e273c8b259715a8e
- SHA512
  
  7b3c6e8215bb94733b2fc7759c37e7e951b62e198f3144fc03bb4c457ce28a3539b3f86a74aa2f9c793556b0b0c6edbc2be47432f3693538adb4060767cc27ae
Score

1^/10
behavioral3 behavioral4
- Target
  
  survey.dll
- Size
  
  879KB
- MD5
  
  4901cef8e715a3ccb26e30f116cb6c26
- SHA1
  
  06b139e9bc5d3d3089af8e342546e7bbc43b8a06
- SHA256
  
  e2d3186f0663527951e5cda5491540c28ef492c54adc31852ca81c27e6a0621b
- SHA512
  
  c7fdc80817a1e727ac9243bf656c307f9118a4c0536eb5cd7b690a784ca02083a0ade03cc740e7c6730da73d4788ea8ccaff151d88bee8c8d465538cdfb340f3
- SSDEEP
  
  12288:BqvXeaivnQ9HHK7fOlmPkOvszjIsAblDAoPkNhSZoBtlC406ZIjWzEFCXeIlso:Bq/eaivQ9HHDlE8jwl8HPS+tER6ocSo
Score

10^/10

bumblebee 2811 trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Blocklisted process makes network request
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

bumblebee2811trojan

behavioral6

bumblebee2811trojan