bumblebee | b90f420b5e66c7f9c24c75bc0553d250bb0d79df2be0b0738625cb7159d86fa7 | Triage

Sharing

General

Target

week.dll
Size

925KB
Sample

221201-y7xzlsca8t
MD5

8c99216011886a809be0b08f5128b91c
SHA1

a6c2eb84abdd08b894b6f4daa64e1cf367481193
SHA256

b90f420b5e66c7f9c24c75bc0553d250bb0d79df2be0b0738625cb7159d86fa7
SHA512

c9a4acf7b1cda0d2617c69bb5c8cbd28b530f856d271e2dc7c08bd75d60dedd8393e23901e63b4c23de4833be4997ddc9b245fb90231922d14e2a38e03b5635c
SSDEEP

24576:i+meq+lHCu0cja71hbkGeVdf36dPsxg/MP:vmeq+whtkFNg/k

Score

10^/10

bumblebee 0112 trojan

Malware Config

Extracted

Family

bumblebee

Botnet

0112

C2

172.86.123.150:443

91.245.253.76:443

23.106.223.1:443

rc4.plain

Targets

- Target
  
  week.dll
- Size
  
  925KB
- MD5
  
  8c99216011886a809be0b08f5128b91c
- SHA1
  
  a6c2eb84abdd08b894b6f4daa64e1cf367481193
- SHA256
  
  b90f420b5e66c7f9c24c75bc0553d250bb0d79df2be0b0738625cb7159d86fa7
- SHA512
  
  c9a4acf7b1cda0d2617c69bb5c8cbd28b530f856d271e2dc7c08bd75d60dedd8393e23901e63b4c23de4833be4997ddc9b245fb90231922d14e2a38e03b5635c
- SSDEEP
  
  24576:i+meq+lHCu0cja71hbkGeVdf36dPsxg/MP:vmeq+whtkFNg/k
Score

10^/10

bumblebee 0112 trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Blocklisted process makes network request
- Drops file in System32 directory
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bumblebee0112trojan

behavioral2

bumblebee0112trojan