bumblebee | ca484520cfabc9c78add59a56122798772598be027479adafa02c56bb9973606 | Triage

Sharing

General

Target

bumblefiles.zip
Size

689KB
Sample

221206-29lwxaga2v
MD5

1d434800883cb47dcbe8b33ef47bb2a2
SHA1

76d515942226a20658969aa2b4590ee4afdfc7de
SHA256

ca484520cfabc9c78add59a56122798772598be027479adafa02c56bb9973606
SHA512

404a4ccaa53b7215dc2f562dfb47162503a9f8ddbe428192d03cbcf8ac0783ea2c1f11e6d6b4ba6f58521d3b5fcad00b9df3db257870a78bd4830cc40b4c1ec9
SSDEEP

12288:9h+/0/01LYZihifeead5Ls6IcWcm0QieiVBxkPf0XJdGPNaK6MFu:9h+/W01lEkI9c/QcVWsCDu

Score

10^/10

bumblebee 0612 trojan

Malware Config

Extracted

Family

bumblebee

Botnet

0612

C2

23.106.223.144:443

139.177.146.137:443

172.86.123.150:443

149.3.170.236:443

rc4.plain

Targets

- Target
  
  matrix.bat
- Size
  
  3KB
- MD5
  
  46b9b47f557d873e587b18ebca4ff39f
- SHA1
  
  e26e3654987feff54a2ed9525862715f2bf5a068
- SHA256
  
  d084bcd4d01dc5964e31910bc90ca4574d6270e1e57f01af7c633ee02e0a6d06
- SHA512
  
  035f4acac4374fa2e0fdc61c00eacc52a0b520fbb1acfef76c8fae776b1cfaf8a3d2e0c7cc971de5245c16f57a1cd12121252ed557a298bb3b4fe8a90f257510
Score

3^/10
behavioral1 behavioral2
- Target
  
  order.lnk
- Size
  
  1KB
- MD5
  
  b72d56cfad5baae4998ed2cfd973d32f
- SHA1
  
  ec16c82eff62e4b1beba2f04c9f5ecb0c955e3da
- SHA256
  
  ac8e67644d7b6b6f0bd78522a3568c98fe386a23542f73a2ec1a3cff4f433684
- SHA512
  
  5513fc13e402538a953b6db220b5b784eadd2f5326fdedad3820c794981ca6d2c2c361da7898aec31b7fdf5f0723b3fec656b2e532fa7b8a7628471d8d7ab1d5
Score

10^/10

bumblebee 0612 trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral3 behavioral4
- Target
  
  worldsex.dll
- Size
  
  832KB
- MD5
  
  e9574d9836286e631822e492a7b0d560
- SHA1
  
  911cab76f98b0701ee53a70d30faad9dfbdaae1c
- SHA256
  
  1436cd7b3ec8fc3941292fad31475711a89b050bd1d87cdbbbf2866394dad099
- SHA512
  
  3b0a8a1ef518f01c6bff5614c10c15ef9d0380854721f543e4da738f2fc47548a2992bebe9538e636f0b5ee672bde92fea0c768b64dea87ef137dc13454fcd8f
- SSDEEP
  
  24576:yDECFXY7YWuI5SWR0VrBywxmJMnk7UGu8E+6N:yACFX9yetA66UN+E
Score

3^/10
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

bumblebee0612trojan

behavioral5

behavioral6