bumblebee | 088c7d79d16c7d28686b65dff3aadae96dc71ebb47a0418b95dee58d2e4b76a7 | Triage

Sharing

General

Target

20221212_ta580.zip
Size

759KB
Sample

221212-v1j8dsca78
MD5

6cda19150f65b574ab4f25a782846c9a
SHA1

a70f84fd363cb0b1f6c3be864248e2370081bc1b
SHA256

088c7d79d16c7d28686b65dff3aadae96dc71ebb47a0418b95dee58d2e4b76a7
SHA512

49f7b07f73f47e0274bba5002ab543b0cfb501803464c60714b9f761c27db7ee4a0f2e205a77cde3d0cf792786a7618e0b9b710c034291cb8e31f2b16e12876e
SSDEEP

12288:dFQUf415I+WVct366YTQh52sLGIhsCMvmxJeU2KsmqAFmg5gr/UEDkJ1VWz:nQS+I+8qYIY+GIhTimxJeUmmJFxg7Bom

Score

10^/10

bumblebee 1212 trojan

Malware Config

Extracted

Family

bumblebee

Botnet

1212

C2

146.70.100.126:443

149.3.170.211:443

103.144.139.137:443

85.239.54.178:443

139.177.146.26:443

rc4.plain

Targets

- Target
  
  doc.lnk
- Size
  
  1KB
- MD5
  
  e2d66adfe8e20d3da5912f4ddb54875c
- SHA1
  
  7f590eee3ac2853471da6858f8f8c904eb92d329
- SHA256
  
  9f0e7f8733888b0bc95df7034e1b271f96138d12bddd0224838e064639324e0a
- SHA512
  
  53a8bad68b6e936b24d4aff78b24503dcc3aeb7a978a1d3e7c6304a190b804de27caa71ff706cad610a37ccde62fb97c6015c2f2741fc6fac191861d41165cb7
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2
- Target
  
  share.bat
- Size
  
  2KB
- MD5
  
  5d370eb5c3b5d29c98d51e3a4e982a63
- SHA1
  
  040311e1d9f2077e0579f2b5b4d289cb12079341
- SHA256
  
  5154ad2319705806fb829e709008a1cb270dea2154d7b65cbd9dfe04768261e7
- SHA512
  
  d1af3e2391bf6a87f51a4f82aaa807ce07367bf24966fadd3580559309a7cb930baa4ffed72abea799e8c04b2cdf6fbdc2610b15e9fb3a7c9e07407b99684e53
Score

10^/10

bumblebee 1212 trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral3 behavioral4
- Target
  
  strona_16.dll
- Size
  
  1.2MB
- MD5
  
  97c712e90d567ef9f80a1d03ae69f07e
- SHA1
  
  c021b0d679e0a0597e748b5438dd15a13c190699
- SHA256
  
  c1b30ac4731197caf0ee49c76a9df568d53b630423f8a667417cad42b18d576b
- SHA512
  
  e37f16f5a97c6682b12b3ee5a71fbfce30eb8362610b4cd34c9e79c11ded4359a7ffedb7b6bcbdc505d62d452466d58f05a060d692a33586fbcb581183b3d5d5
- SSDEEP
  
  24576:b/ZQJy4jzcWnyHvjqtd/g+UaAurHP2ITTTcK:b/qJy4EPO/KjW
Score

3^/10
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

bumblebee1212trojan

behavioral5

behavioral6