bumblebee | 0cd9826b702404e2f9b6854c672409422f578afd63d43795e8e370b212d403d6 | Triage

Sharing

General

Target

AcrobatInstaller.lnk
Size

1KB
Sample

221209-j4jv9aff2v
MD5

efc13d85b551ba2d426d3754d642ca11
SHA1

43202b41ce4c2cd23cbba769227dce2f50750f27
SHA256

0cd9826b702404e2f9b6854c672409422f578afd63d43795e8e370b212d403d6
SHA512

3c09654c48cc9f32c240b153137750eb798cbdddc2fa7cca72ff4cac2a83563c90b9f66a13230b8af9903aa16b60b0e3a7b2bbb96ff4226cbae5962f410aff1e

Score

10^/10

bumblebee 1011t1 trojan

Malware Config

Extracted

Language

hta

Source

URLs

hta.dropper

https://cruds-club.com/AcrobatInstaller.hta

Extracted

Family

bumblebee

Botnet

1011t1

C2

64.44.135.140:443

103.144.139.150:443

146.70.149.43:443

rc4.plain

Targets

- Target
  
  AcrobatInstaller.lnk
- Size
  
  1KB
- MD5
  
  efc13d85b551ba2d426d3754d642ca11
- SHA1
  
  43202b41ce4c2cd23cbba769227dce2f50750f27
- SHA256
  
  0cd9826b702404e2f9b6854c672409422f578afd63d43795e8e370b212d403d6
- SHA512
  
  3c09654c48cc9f32c240b153137750eb798cbdddc2fa7cca72ff4cac2a83563c90b9f66a13230b8af9903aa16b60b0e3a7b2bbb96ff4226cbae5962f410aff1e
Score

10^/10

bumblebee 1011t1 trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

bumblebee1011t1trojan