bumblebee | 21518b72a38ce7cadd7a8d378c7a0ce64b8902293395cb3473f20955de615b49 | Triage

Sharing

General

Target

21518b72a38ce7cadd7a8d378c7a0ce64b8902293395cb3473f20955de615b49.dll
Size

1.1MB
Sample

230211-qpm3paee32
MD5

347f3b70470e745d129d22c4497613f2
SHA1

daa009dd042be35a27cbdf030490095b0a34fbea
SHA256

21518b72a38ce7cadd7a8d378c7a0ce64b8902293395cb3473f20955de615b49
SHA512

c956115898b085535780c8791099a12b60a8050c3ad5536c5e486db29c18e13c706329e259355e197fb94493575990952295f2b0b9c9ebeb80788c048a083b0e
SSDEEP

24576:m36bYNlX4Y64TrO2CFriuKmykVq169HdK3AorTHMxsdRa:TYNxp64OHBqs5oPHh

Score

10^/10

bumblebee 102lg trojan

Malware Config

Extracted

Family

bumblebee

Botnet

102lg

C2

146.70.29.237:443

205.185.113.34:443

23.106.223.182:443

103.144.139.146:443

rc4.plain

Targets

- Target
  
  21518b72a38ce7cadd7a8d378c7a0ce64b8902293395cb3473f20955de615b49.dll
- Size
  
  1.1MB
- MD5
  
  347f3b70470e745d129d22c4497613f2
- SHA1
  
  daa009dd042be35a27cbdf030490095b0a34fbea
- SHA256
  
  21518b72a38ce7cadd7a8d378c7a0ce64b8902293395cb3473f20955de615b49
- SHA512
  
  c956115898b085535780c8791099a12b60a8050c3ad5536c5e486db29c18e13c706329e259355e197fb94493575990952295f2b0b9c9ebeb80788c048a083b0e
- SSDEEP
  
  24576:m36bYNlX4Y64TrO2CFriuKmykVq169HdK3AorTHMxsdRa:TYNxp64OHBqs5oPHh
Score

10^/10

bumblebee 102lg trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Blocklisted process makes network request
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

bumblebee102lgtrojan

behavioral2

bumblebee102lgtrojan