bumblebee | c640adc8c6c82e658ccc5595ac2ca3c1c226a87206ae8a1e31c3db261aeac0df | Triage

Sharing

General

Target

files.zip
Size

832KB
Sample

230211-qe7dksea97
MD5

17cddd5b6f5e86e467a3f9f77f9e962c
SHA1

b77e55ab6e17cf9d7abd730ec6a36ec57831d14b
SHA256

c640adc8c6c82e658ccc5595ac2ca3c1c226a87206ae8a1e31c3db261aeac0df
SHA512

ccb7431eb34bb24b0462e112e0cc56bd911926ebc9abe85d81d7b7d410d3f1d8f846985d09442fc946cfdbbd67fb6bc1535f3c71b82afcf6e70c86019da2df98
SSDEEP

12288:D7iw5arao7HnvpS6EvZnurkrNpiZkbG40o4K9n0vQ6gZaZC3ufCgF1SXmFRxTGU:SwwnbEd9jgm4o4KChfC8y4GU

Score

10^/10

bumblebee 102cc trojan

Malware Config

Extracted

Family

bumblebee

Botnet

102cc

C2

160.20.147.242:443

146.19.173.86:443

51.68.144.43:443

172.86.120.111:443

103.175.16.104:443

104.168.157.253:443

23.254.167.63:443

205.185.113.34:443

rc4.plain

Targets

- Target
  
  bios.dll
- Size
  
  1.1MB
- MD5
  
  ce2c902fd0ce18854cdb470b1a02d430
- SHA1
  
  8c1ab975f7c6aefc03eb9809fc3b352ce2d92c02
- SHA256
  
  ea3a26bb3e6dd0aef0685ce38aeac6fcd9f4b3ee8380d93cc6a63330c5afbfd8
- SHA512
  
  9d3ac80a152ef0d8fa8461013eff9faf3432e652f4292c0cfd427f92e14d8ed67507a4b2f0596050a7997af872324fdd1057da6d7bf4ab0daed4ed3616eacdcf
- SSDEEP
  
  12288:78xoBeGLj79ko/Kw5D/4u5VhB6FXW8oI4pojoUVPn3mR7QJjmLB2HwjsjJlH0Ycn:Ix0lL5/KsDZBWG8UUVPn2u3HFjJ20
Score

3^/10
behavioral1 behavioral2
- Target
  
  project information.lnk
- Size
  
  987B
- MD5
  
  52318d33bcdb7be297b3fc01cb2b590c
- SHA1
  
  9c0e1191509c7d610c5e3cfbb8bc1b83b28fb03f
- SHA256
  
  da489201afe602684791b0a4b7b238df9f3549c276ccdcaeca8375f31f2b66dc
- SHA512
  
  27c48a86e08dcd3806f8989be739615f2c978da0dd216a43696590603be51867bff03d66e5bf808acd5d51ac203254b8eefd1d8dc6b9325ac5c0f3f2833ba8f2
Score

10^/10

bumblebee 102cc trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral3 behavioral4
- Target
  
  topicsMain.bat
- Size
  
  1KB
- MD5
  
  5ac482d3d3dce722972fae6a69fc8bce
- SHA1
  
  66744f07e3775b22572d1fd8fc60a58b47babc96
- SHA256
  
  311b4dc7cb37d5e22502ac5e6e7414ed3fc94777dac8cb0d7f234e3fd6702143
- SHA512
  
  abea1cddd5ad90c7b1f2859a14724a04bcfab61f38cbb81686ecb338d8f70d040afe0eaf1f572dfb7be26a9c9605cd44682ffa6335f90bcc8993d1d4eba0dc8e
Score

10^/10

bumblebee 102cc trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

bumblebee102cctrojan

behavioral5

behavioral6

bumblebee102cctrojan