General

  • Target: required document-98765467.img

  • Size: 2.2MB

  • Sample: 221217-amx7wafh72

  • MD5: 047cbb85d06edca7f59b76c543e0e52d

  • SHA1: 8e98fa171813c2c05357b4c5cc0b39fd4fc9df2f

  • SHA256: 37e3e7320ef755d965f27a51a76059c124c6de5019a43c838bfb9e5ed158cc9f

  • SHA512: 293074598ed1fc69462b1c9cc96d5a3935d7d969d8a56d37cee89b2d2f8be770d909b64b8aba1473964697362c25c76a414000053c0c8d7ef2a2c784ba8c2c48

  • SSDEEP: 24576:6DkZUvnqlux0IJxnJov44aUNoBOFvgcOvF9RTySFWyFS67QsnK:6w6Tuv4EoVpySsCEO

Score
10/10

Malware Config

Extracted

  • Family: bumblebee

  • Botnet: 14lg

  • C2:

    172.86.121.56:443

    172.86.121.59:443

    91.245.254.97:443

  • rc4.plain

Targets

    • Target: required document-98765467.img (size and hashes as listed under General above)

    Score
    10/10
    • BumbleBee

      BumbleBee is a webshell malware written in C++.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of NtCreateThreadExHideFromDebugger

MITRE ATT&CK Enterprise v6

Tasks