bumblebee

General

Target

obama-pw-abc794.zip
Size

754KB
Sample

230207-xtnncage8x
MD5

b3574cd03afd3fcd8d58958d0da3868d
SHA1

9c8a88a3dba2602fcf2b5d97ae448564c8dc4ceb
SHA256

1a06b268c8398494eff8a3e8532415383b6384552158ba26ad56f054814f4b25
SHA512

39b94f4f6012ca84c4e15bd756553a7037c9534b5674d45a810eaba16208204d145ccadb0cf3cbaf352a8a9cf0961964a76b4039cc73707db5c150ac5658c038
SSDEEP

12288:x5puL+5ffw+KD7d6EAOG6KtkEtyjiv33faLU02QWhjkTlsSR/kF0FmRkcnunk:9nw3dxGrtu6nyg0OhjkRsSR/kFlRki

Score

10^/10

Malware Config

Extracted

Family

bumblebee

Botnet

0211r

C2

193.109.120.156:443

192.111.146.184:443

104.219.233.113:443

rc4.plain

Targets

- Target
  
  Document_1147.iso
- Size
  
  978KB
- MD5
  
  0b3ad8c3a258385c3f63f3e7d6251ef6
- SHA1
  
  145e0da908dc22c27db4c5ca77bb4cff3705df5d
- SHA256
  
  a87637aba30b081474f6b799953c52b6816fc01a26bea9282680360953e87b79
- SHA512
  
  fa1f5ccd5c6cbde5b7968b7c09a861c136ac1c576094abc40b0d5f1c2ab614dbc54d5e565d9bf1b86748fe820636606b418c8ff9a744e7a9d223013803d92430
- SSDEEP
  
  24576:kl7tQ/ikPAknx9XfzPXMRrMnSUcQBlmzrle2:kl7i/i+A297PXMn3QBlOe
Score

3^/10
behavioral1
- Target
  
  Document.lnk
- Size
  
  1KB
- MD5
  
  c5b4481f62732e01a1ac5343602aeb68
- SHA1
  
  9fbc075732d97b723717e2d8b53db092cbb0c1a0
- SHA256
  
  33cd63673bf4c1fbccc75c7501de79a1fa6c879888de2fae06eef57af6149656
- SHA512
  
  02ddb4a8e11f0fc23bc4ccb0ab37b75cc14f4f347213fa4527826748fc6b5602837191cbe3b16cfad971ca353cc5a9a7ad951efd216797ddfb0a80533c15e36c
Score

3^/10
behavioral2
- Target
  
  maidservant/boxed.bat
- Size
  
  340B
- MD5
  
  5e26b51fc6e1ceaf6c2c592c498ae225
- SHA1
  
  7613a0b7e0e7205bd4ba1f137f47a506d1bca6c4
- SHA256
  
  6c15a139a267acccff7924f3da48786f562b8945a2e0aae6796d62f4881d62ef
- SHA512
  
  af132115f61d48166d423cf2514ecb917a7c8da868fbeb0b452a21c3c4500466ad5a321d2ca35941a7b0c783359ab813f801ed683e056534c90aa253d41c1f53
Score

1^/10
behavioral3
- Target
  
  maidservant/changeability.dat
- Size
  
  883KB
- MD5
  
  c5f2f4f62a273ddebaa72be2bc60aa96
- SHA1
  
  ec0e5be2eb48abd1f8f7d768c51280bb52e8dd35
- SHA256
  
  56088c0abddea8f5af72f2e212d1da5688cc3c67e6587e5885107d6b900c37bb
- SHA512
  
  02fb65e5907611765f4df50483bbc8f9f5ba25115f986c0582b5ee1f20ec0cccc37cc875c8f9a5594a924def19e87cb0931e723d48333da217392b905414d085
- SSDEEP
  
  24576:bl7tQ/ikPAknx9XfzPXMRrMnSUcQBlmzrle2:bl7i/i+A297PXMn3QBlOe
Score

10^/10

bumblebee 0211r trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral4
- Target
  
  maidservant/fiancees.jpg
- Size
  
  31KB
- MD5
  
  babafbabd2e5c512dfa2ce1ef7cdd96d
- SHA1
  
  5b0ea4a72778cb0c1995058d0c62945caff9e7de
- SHA256
  
  c79f86eb938e25f83971ede25ce82e0c1710f83ff09f0cb4677fcbcea0248929
- SHA512
  
  a9a3a32cd3b2d0e0e5893c5213780e28cd72b7d38e148941f0882a7fbd62bedcc91a1a91666b5980d4d7d245b43338b7c9b6656700ad5f4b15d93e55ad786072
- SSDEEP
  
  768:LtjYsBkznek481E0pYUXJCpF5hzrW11L2JpkvZWdkqvWBoTCoB/D3G:BswU894q2ZWXvWBo7/LG
Score

3^/10
behavioral5
- Target
  
  maidservant/nodality.cmd
- Size
  
  314B
- MD5
  
  0e0d5e1fcef723ac6742184a3e7e941f
- SHA1
  
  8f7675dbffbea15a53e162068a4ff144343f32e5
- SHA256
  
  62fea0ee1144a7c344c980cc47fc35b081b7cfe1607a48213936ec8ec00cec80
- SHA512
  
  5a56a0edb02dbc6a03de33702b0c9d1d20d7fe27ce294060b3dbe6aa55a5fd504729fbefa132eda3d79d04d31c7d6401b8aba8b288c47128b2cbc770b62e337d
Score

1^/10
behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Suspicious use of NtCreateThreadExHideFromDebugger

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6