bumblebee | 81522724d0ca28989c5dd4bd6ed52c5461ba53ddee27b569246fa59bd9af13a3 | Triage

Sharing

General

Target

Desktop.zip
Size

809KB
Sample

221208-xeyj1adh5z
MD5

f7557a6d1ead807912e3749795106cdc
SHA1

7dd52b99c7842578341739d211097bbb2fbe6b84
SHA256

81522724d0ca28989c5dd4bd6ed52c5461ba53ddee27b569246fa59bd9af13a3
SHA512

f5910bfc07271e6d8d601280e38cd90d7e5edaf4ab6c8a51908ddf04321642c8c9bbed31e4c9ff4e49ff70297a2ade9f7db086952b38085c7a48fe43854db233
SSDEEP

12288:ESugTZImK0tC3MZokmP5yN2K2nnaC2VizF4Wvo0/q1gwoAniNQDcLb1OGgsckvRn:EtgdIqgMFqqIaC2VizBmpo8gGqpn

Score

10^/10

bumblebee 0712 trojan

Malware Config

Extracted

Family

bumblebee

Botnet

0712

C2

192.254.79.122:443

139.177.146.25:443

104.219.233.145:443

rc4.plain

Targets

- Target
  
  Page.bat
- Size
  
  2KB
- MD5
  
  8d0a03154bbe82f6041790b08baf39c3
- SHA1
  
  c0b78b03e2ba9400cad4ec70d3187fd18c3f958f
- SHA256
  
  45ef129aa15193c634cc8badd659c7e400282ecc4759713622a965264b130a05
- SHA512
  
  ea1387e77db42b1b3e77013ae5b3aacd89f0d3aaba98c16865a7eac0532027e8c2b320b4ccb212e04d4601fbf2db4a396999bda30fde3adb9527eeb87b86dd67
Score

3^/10
behavioral1 behavioral2
- Target
  
  aboutUs.dll
- Size
  
  1.5MB
- MD5
  
  829e1ae91a3362f708f6e9a9222279ed
- SHA1
  
  ae505fd299c6c75660f88c8710b00f1ab8d42766
- SHA256
  
  f70cbdde53a4bacee3410caf7666f303e6958f8d1d0fb678afbfa1093e38b4cb
- SHA512
  
  030226487b6d3ae2c53ff9729be731f692c798208e25024ea914cee14e9bfcc2edc94b31a54e355fcef93d6ee5d8c5a260b3621170a6b3b09f6553984eaf1299
- SSDEEP
  
  24576:rgKYrq1rE7F3C9oqxmLJL+bomVWFuf3qj8r3d1fyMJu3n9HGPXUtOZEkTuuqW:UKXQyKDLd+omgFuXJutHsnL
Score

10^/10

bumblebee 0712 trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Blocklisted process makes network request
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral3 behavioral4
- Target
  
  document01.lnk
- Size
  
  1KB
- MD5
  
  c6f1fecaca46ba66f28625f252db236c
- SHA1
  
  9078d131c23cdb9ca4839553b1052e12e4fc55e0
- SHA256
  
  fbaa8b0ce2175c7a36192b7d4d35b359b344a37a2c2ce1460b7393f21ac8c05a
- SHA512
  
  c741047eba96ce3596b0198d81abfa17d53a2a9dce3973ef057f1cfacea537ae13e9f51be30c8ac4d0ee93914905a881a3e498b65ee1a206821a3553a6a21462
Score

8^/10
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

bumblebee0712trojan

behavioral4

bumblebee0712trojan

behavioral5

behavioral6