bumblebee | 70f15444a37e87639aa53d866f06ee80b7f0f9943e0538aee3c3009d27bf41a9 | Triage

Sharing

General

Target

70f15444a37e87639aa53d866f06ee80b7f0f9943e0538aee3c3009d27bf41a9
Size

877KB
Sample

221130-zb633scf78
MD5

61e503292367c7aec784ad98e3c0bc8a
SHA1

d0885d898406f48aa326c575a76ecff3a9ce1f00
SHA256

70f15444a37e87639aa53d866f06ee80b7f0f9943e0538aee3c3009d27bf41a9
SHA512

2ad2914c6dc1d14bc5c4e32daa602b313a05c2d9ce429928038fdb0d17f19e081662128498727bf7be9240ac9fefbd73d2d7e7202e2ebd8718070510dfce3e87
SSDEEP

12288:j0SuY9Ah/KMIobH6Rs9H0ehvjo2zAou6mh3s72KBu9/sfsTkcesTViT5AEB95ub:j01YKhiWL6C90TNHph3w2KBokCoHDI

Score

10^/10

bumblebee 3011 trojan

Malware Config

Extracted

Family

bumblebee

Botnet

3011

C2

37.28.156.24:443

108.62.118.206:443

108.62.141.221:443

146.59.116.25:443

85.239.54.145:443

146.19.173.45:443

223.154.146.64:443

rc4.plain

Targets

- Target
  
  70f15444a37e87639aa53d866f06ee80b7f0f9943e0538aee3c3009d27bf41a9
- Size
  
  877KB
- MD5
  
  61e503292367c7aec784ad98e3c0bc8a
- SHA1
  
  d0885d898406f48aa326c575a76ecff3a9ce1f00
- SHA256
  
  70f15444a37e87639aa53d866f06ee80b7f0f9943e0538aee3c3009d27bf41a9
- SHA512
  
  2ad2914c6dc1d14bc5c4e32daa602b313a05c2d9ce429928038fdb0d17f19e081662128498727bf7be9240ac9fefbd73d2d7e7202e2ebd8718070510dfce3e87
- SSDEEP
  
  12288:j0SuY9Ah/KMIobH6Rs9H0ehvjo2zAou6mh3s72KBu9/sfsTkcesTViT5AEB95ub:j01YKhiWL6C90TNHph3w2KBokCoHDI
Score

10^/10

bumblebee 3011 trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Blocklisted process makes network request
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

bumblebee3011trojan

behavioral2

bumblebee3011trojan