bumblebee | 3f3b2636e1e94a03d17afc81fcc51a8cf997de13efdb4100c5b066f544701223 | Triage

Sharing

General

Target

0dSnW.rar
Size

748KB
Sample

221209-cxmj8scb36
MD5

9fd5da506c53b0e905f48791fc809eef
SHA1

aa2fcb6890abd4cdb5e51efe69e1560f1336ebd7
SHA256

3f3b2636e1e94a03d17afc81fcc51a8cf997de13efdb4100c5b066f544701223
SHA512

d26aec679c4b5d6af9baba74332a1fd6c325e3b674c1c65ad213731083e58ee22c1e0f2dbb5bdd470a1ff5bda3654de919bdb27f3cfc3e75d6f47ee64a407120
SSDEEP

12288:OfGse0rWJEzJr2qDZ9xH67D9wy58lc3gYgjA/qFkX2ghLgx3NEB0mI6FYEGcV:OefUtJnZDSwmVxgIqFkGQM+9

Score

10^/10

bumblebee 0712 trojan

Malware Config

Extracted

Family

bumblebee

Botnet

0712

C2

192.254.79.122:443

139.177.146.25:443

104.219.233.145:443

rc4.plain

Targets

- Target
  
  0dSnW/Page.bat
- Size
  
  2KB
- MD5
  
  8d0a03154bbe82f6041790b08baf39c3
- SHA1
  
  c0b78b03e2ba9400cad4ec70d3187fd18c3f958f
- SHA256
  
  45ef129aa15193c634cc8badd659c7e400282ecc4759713622a965264b130a05
- SHA512
  
  ea1387e77db42b1b3e77013ae5b3aacd89f0d3aaba98c16865a7eac0532027e8c2b320b4ccb212e04d4601fbf2db4a396999bda30fde3adb9527eeb87b86dd67
Score

10^/10

bumblebee 0712 trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral1 behavioral2
- Target
  
  0dSnW/document01.lnk
- Size
  
  1KB
- MD5
  
  c6f1fecaca46ba66f28625f252db236c
- SHA1
  
  9078d131c23cdb9ca4839553b1052e12e4fc55e0
- SHA256
  
  fbaa8b0ce2175c7a36192b7d4d35b359b344a37a2c2ce1460b7393f21ac8c05a
- SHA512
  
  c741047eba96ce3596b0198d81abfa17d53a2a9dce3973ef057f1cfacea537ae13e9f51be30c8ac4d0ee93914905a881a3e498b65ee1a206821a3553a6a21462
Score

10^/10

bumblebee 0712 trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral3 behavioral4

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bumblebee0712trojan

behavioral2

bumblebee0712trojan

behavioral3

behavioral4

bumblebee0712trojan