General

  • Target

    Desktop.rar

  • Size

    797KB

  • Sample

    230210-zyvnkacf2s

  • MD5

    51dbb8b2bb05680d870e7bfb50ea5472

  • SHA1

    cd678de27074ec77f7343a832973f2cf692406e6

  • SHA256

    e7e68c5e7d8d244f57455f83148f574094d216a634cb2259880c0910088402a4

  • SHA512

    c2d6a106181a43adbf4c8b16f7809a4e92f89b435444f3f0ba2a253775b4b8f922d210db5a9f53386467454bfa820b917eb066c4f8637984d6a1533aa57c41f1

  • SSDEEP

    24576:6IQsvBNcQvhb13+fk6hqwC3xJgYrz4tbqgA:BQsZNc8rkjTCIo00gA

Score
10/10

Malware Config

Extracted

Family

bumblebee

Botnet

102lg

C2

146.70.29.237:443

205.185.113.34:443

23.106.223.182:443

103.144.139.146:443

rc4.plain

Targets

    • Target

      features.dll

    • Size

      1.1MB

    • MD5

      0754f0df91f71d2e36f234c3852b157b

    • SHA1

      6af19eb260bae0f01d13e6d618d93d63eb82d7c5

    • SHA256

      c9eb997b9af05af641a3708b006e34e6a9a4e7755fca72205cd187110375e7ac

    • SHA512

      f944a79b5852c7b8280dc479e2d4fd06bb09bbdb566bc5cbb4dc8340477204139ec4b9b0acbee3b7e3a3b2bc73f869f1e1d691690a35c9e9f711ab17e43f9deb

    • SSDEEP

      24576:UxhinDzFYOcJpi16vsYSPN93IlZn3oCwg8LKMYL31IQNV:6iDnYc16vJO9QoC1M2N

    Score
    3/10

    • Target

      math.bat

    • Size

      1KB

    • MD5

      ae315719f9e410b80ae2c059483ae3ad

    • SHA1

      aaea22f5d865f44d904f344d82f125455d4c87ef

    • SHA256

      f7a5e8aa213fc7cab3428f935c73e54fa5f7af07c118cb8355edaf02ebaef749

    • SHA512

      097c721573bb6673e359ab487e46610f3bdcb767b5161d78f7cd1413136b35562294b9333421966104ba730ba18b1f12bf9f6ead9c340c5f082f81b3b9b25471

    Score
    10/10

    • BumbleBee

      BumbleBee is a webshell malware written in C++.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Target

      project information.lnk

    • Size

      975B

    • MD5

      c6b475cbf0af53b086df880b42c21409

    • SHA1

      e8aa3b7fc99e14f92bf369efdac3f2b558914915

    • SHA256

      ae981b4dd9a5b4a4d8a21250244216dc7e9ac03bd54048527f31d3554b66fad1

    • SHA512

      8a9031fb1f0238c92ebf6d432b950c7f806dbb085a288f6bc0c120ff9f779a670169c320aac48784cad64b235fee845bc1e04037f18dbeb2dc5a3fcf30397dc7

    Score
    10/10

    • BumbleBee

      BumbleBee is a webshell malware written in C++.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Suspicious use of NtCreateThreadExHideFromDebugger

MITRE ATT&CK Enterprise v6

Tasks