bumblebee | 6bd244fcf3711f5cba246dc3e3a2ca14855c849856a03cb700cb49fe85663de7 | Triage

Sharing

General

Target

Desktop.zip
Size

828KB
Sample

230213-t2brzadh6x
MD5

df4d6add22f7237c80cd47a91fd9745b
SHA1

07c358a0b4c3fa298c327637cfba92843216164e
SHA256

6bd244fcf3711f5cba246dc3e3a2ca14855c849856a03cb700cb49fe85663de7
SHA512

61f17df6004312e384076dfe9b33410c745cf642a2b05beb8c167b1a9345367ad16477dcacd3601477f5e4737c0e247da6347314e96e88447ebbe29a4c4f13e4
SSDEEP

24576:DWjzMGFBGrOH7YBaUST9cViarCc8wF0iKPu+h8jJ:DWjzpmrg7T75EfrMx3u+h8jJ

Score

10^/10

bumblebee 132lg trojan

Malware Config

Extracted

Family

bumblebee

Botnet

132lg

C2

205.185.113.34:443

103.144.139.146:443

23.106.223.222:443

95.168.191.248:443

23.106.223.182:443

146.70.29.237:443

rc4.plain

Targets

- Target
  
  amateur.dll
- Size
  
  1.0MB
- MD5
  
  63f8c02fa87e750af09aad4f48b1aa4b
- SHA1
  
  f6554c45d574e960ed5f262779ff5aaeb928384e
- SHA256
  
  9a149522394b1718586436d43d72a9c9fece1f5c63478b6045b99421a35afecb
- SHA512
  
  017adaaf9791fd90906f2f0f7e713bd0ed48075cc2838247d730ef9411a0089f98fc6ad33d0813367dff486bb27e4a5fe4c8123f887f36deddd0f3f986a235e0
- SSDEEP
  
  24576:dTOm8Acqmr0tSEud7LgCgF1ZlPluqzGfGhu7h:dzcZotSwCgHEqzG+4
Score

10^/10

bumblebee 132lg trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Blocklisted process makes network request
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral1 behavioral2
- Target
  
  lang.bat
- Size
  
  1KB
- MD5
  
  657b84e6f9b5a375e4766813da6f5db0
- SHA1
  
  4c6e5b27342b9eaae0c2f60c46f5b9ed59696f0a
- SHA256
  
  e5fe1ce1137dfcdb603d4a31411659cb0846b5327d4a9dd1a6cb7e8219b409ae
- SHA512
  
  271aa8146a006dfb1c196ada87e02d54a72b6f4d35971e6b41131cd8ec3ee0e4468cfadd24331c75627985f7fea337c010d36683be52a80394d25e98be88aaa9
Score

3^/10
behavioral3 behavioral4
- Target
  
  project information.lnk
- Size
  
  975B
- MD5
  
  662e0554d91f79fa97a53e224ac8a5bd
- SHA1
  
  44b14afd5c0a849d3553e4636e0a5125abc8087d
- SHA256
  
  5a32e8b0b07cc41971fc057bffa79ce0760d110d3c72e018af0c645a698cec6e
- SHA512
  
  d062b646289d056cf858477b09456868a5b9f7a61788efd3f40473c64a9ff942e06f8b5581b2d295de803d3fea42ef6a86fad1a8c8e63243d8fd7380bffd0c78
Score

10^/10

bumblebee 132lg trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bumblebee132lgtrojan

behavioral2

bumblebee132lgtrojan

behavioral3

behavioral4

behavioral5

behavioral6

bumblebee132lgtrojan