General

  • Target

    Desktop.zip

  • Size

    736KB

  • Sample

    221216-rvqlfahf7w

  • MD5

    e39789990eba9a36eb8631f4d799cb52

  • SHA1

    e02bd79098b812895d2ea8a8c6a60e7751769895

  • SHA256

    547294e9d1cd43c6d8582d62813c7aa26b81ef8affe7d16f3657a4ae202af1b1

  • SHA512

    37740515b71de5df5b8bc459619f4c41c4ac689b9e72ba4f1e786304ae604a5306d6051ccafdce657111ef7d9fe5e8f1de7f788f94e261fb2335b935970ac427

  • SSDEEP

    12288:Y0i/XzUqJaTxOPqGcemoVJC+mYj/7FMeuneajIOMqwQ9FX0Jg2jBqx5dNQpsxtLG:NsDrJaToP8emoVJTj/Bkne3OYtpj2NQ7

Score
10/10

Malware Config

Extracted

Family

bumblebee

Botnet

1412

C2

108.62.141.52:443

23.82.140.180:443

198.98.51.235:443

rc4.plain

Targets

    • Target

      devx_foot2.dll

    • Size

      1005KB

    • MD5

      b955bf20f8c1b01b9f1d12023183115d

    • SHA1

      1649e261310a5cd12965bc7a6440c18adaeea6b9

    • SHA256

      84155dc50b0e963c16477793e5814b9feb9603b80924a047d7558a26228b6749

    • SHA512

      4bee83ee71c7ce24d2488170c1b15861e280efa25637447d4b1b18acfcbe178ba4a21d70590771f617219dc20b26fec1da9b3ffd00480cfe06efc1833237a1e7

    • SSDEEP

      24576:YInlGCMQ33VI15YlmePz8nGQrUc9KLVy:j0CFyBn3rn9P

    Score
    10/10

    • BumbleBee

      BumbleBee is a webshell malware written in C++.

    • Blocklisted process makes network request

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Target

      forum_old.bat

    • Size

      3KB

    • MD5

      eee1b1a971d11cd922794259e8006d7b

    • SHA1

      f2b1c84fd1827ff58c3b37f29c70894482de96e9

    • SHA256

      797cd9e3fb2a444e43e46a54de5c354ea92f36818e73640fd05d2989bb9693cc

    • SHA512

      092e7318e3c15b5d22b4303238be255ad98a06bb9398cb02cb6f25e3b2d4e160242b5005a736ccf1da11fc65cf7cff0f292b1a4c68d962eb2062e75f936dcf1d

    Score
    3/10

    • Target

      license.lnk

    • Size

      1KB

    • MD5

      377afef57fefdb218447d638af7d4100

    • SHA1

      0e8aec41d862caaebda8e9ce6db0c240bd3fc37b

    • SHA256

      20913c758b88611778b28a5eada7bf762b56f20de8b687886968aad9f12e6129

    • SHA512

      f327fcd9d64094fe23bf7f28ec176e07d24eba2d9140ff321ba2343c6ce5761b9de5522d117a2a5c82096966fc4319d9034da7457a6b7a81260a63f320f483a7

    Score
    8/10

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

MITRE ATT&CK Enterprise v6