bumblebee | 84155dc50b0e963c16477793e5814b9feb9603b80924a047d7558a26228b6749 | Triage

Sharing

General

Target

SecuriteInfo.com.Variant.Lazy.276085.26689.31061.exe
Size

1005KB
Sample

221216-v3pkwshh8z
MD5

b955bf20f8c1b01b9f1d12023183115d
SHA1

1649e261310a5cd12965bc7a6440c18adaeea6b9
SHA256

84155dc50b0e963c16477793e5814b9feb9603b80924a047d7558a26228b6749
SHA512

4bee83ee71c7ce24d2488170c1b15861e280efa25637447d4b1b18acfcbe178ba4a21d70590771f617219dc20b26fec1da9b3ffd00480cfe06efc1833237a1e7
SSDEEP

24576:YInlGCMQ33VI15YlmePz8nGQrUc9KLVy:j0CFyBn3rn9P

Score

10^/10

bumblebee 1412 trojan

Malware Config

Extracted

Family

bumblebee

Botnet

1412

C2

108.62.141.52:443

23.82.140.180:443

198.98.51.235:443

rc4.plain

Targets

- Target
  
  SecuriteInfo.com.Variant.Lazy.276085.26689.31061.exe
- Size
  
  1005KB
- MD5
  
  b955bf20f8c1b01b9f1d12023183115d
- SHA1
  
  1649e261310a5cd12965bc7a6440c18adaeea6b9
- SHA256
  
  84155dc50b0e963c16477793e5814b9feb9603b80924a047d7558a26228b6749
- SHA512
  
  4bee83ee71c7ce24d2488170c1b15861e280efa25637447d4b1b18acfcbe178ba4a21d70590771f617219dc20b26fec1da9b3ffd00480cfe06efc1833237a1e7
- SSDEEP
  
  24576:YInlGCMQ33VI15YlmePz8nGQrUc9KLVy:j0CFyBn3rn9P
Score

10^/10

bumblebee 1412 trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Blocklisted process makes network request
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

bumblebee1412trojan

behavioral2

bumblebee1412trojan