bumblebee | da2b5721da210937936fff0991248b7e4acc5f15a3dcbaccca28705404f2ae05 | Triage

Sharing

General

Target

0R4yP.7z
Size

668KB
Sample

230119-t5nkyade4w
MD5

ba497849a0261cde561c4bc60c3a01ac
SHA1

daea6c145283dba32f440a2faec0c4f79cd6b785
SHA256

da2b5721da210937936fff0991248b7e4acc5f15a3dcbaccca28705404f2ae05
SHA512

9feca86b5b3fd14066d8c80f52c7ebb2a75712608e00672da2d4f93fe7306dc54ebbc9080e601aba3b2a8aa6e45af6f3066f968a1f12840e7346cadc98ab147f
SSDEEP

12288:OL+WoYJedrX8RqLTzo8fEopiLgEFhWwJ6+UYNCoQnx+lj6dUo6S4SKail:OL+Wxw+qLgcf0hWwJ63oQabSKd

Score

10^/10

bumblebee 0812 trojan

Malware Config

Extracted

Family

bumblebee

Botnet

0812

C2

86.106.87.135:443

51.83.248.182:443

23.82.128.116:443

rc4.plain

Targets

- Target
  
  Article.bat
- Size
  
  2KB
- MD5
  
  1125f24c48e34f0bc7544ad81f890504
- SHA1
  
  c155043c586f26f2c778725e410a69127e5e3ee4
- SHA256
  
  cccb4f9ab30b6a7f63f1934b99dde29905b3ea4138e5701ea3d349ef83115de8
- SHA512
  
  50d6e6c3b473ca7aa397cc73c47ad930be66a1fc9f305db6a64542b8b58944b35546628447fe91fc5b0852fd63d65ad17d36899d0acf2a0e06639f7a36f2e07c
Score

10^/10

bumblebee 0812 trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral1 behavioral2
- Target
  
  doc.lnk
- Size
  
  1KB
- MD5
  
  46f0b2e9fb03af73e28bff1c9d22c2bf
- SHA1
  
  5cedb40f12bbcfe46d7ffed7935ae3908ef12b23
- SHA256
  
  cf1a8acfb8dc6e9bd840d0e4e4a4e4272b376452677b66f1d49bf318166a2586
- SHA512
  
  d1e08d24141ee9bf4b065f82ad0cc6574266d232ad508294d18a931624981848b17a79ba9414f81a940053254120aff27a026b8d74ad256f1a6b3c3eee32728d
Score

10^/10

bumblebee 0812 trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral3 behavioral4
- Target
  
  storage.dll
- Size
  
  1.5MB
- MD5
  
  a9af7ea12a65c448f23e591416118c44
- SHA1
  
  573d94055a4318e7588e3e226f34d09c696e1902
- SHA256
  
  6361f2ba78f49ebdcfc8970ed581fc0f4764f7a03cb5c8a0362c59e05c4b51e6
- SHA512
  
  d47d00511389d8acd5654572631c669c2d83ce9b5dd6b78d09cd36ce95eee5275931939f2bdd7c0c84b08a427c30051440e43ca8b5a29245ac8e77c2bf4f6c97
- SSDEEP
  
  24576:8JZjTqXXuuulCzFw+rKpf1NA/TUIpvwfM15vfpdkazH:8J8WlCJvKA/wYfdkG
Score

10^/10

bumblebee 0812 trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Blocklisted process makes network request
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

bumblebee0812trojan

behavioral3

behavioral4

bumblebee0812trojan

behavioral5

bumblebee0812trojan

behavioral6

bumblebee0812trojan