bumblebee | 204888f940e1bfe5ef634403a096f4de5ef88b154f037539f5de7274d7f3349d | Triage

Sharing

General

Target

Desktop.zip
Size

835KB
Sample

230213-xkyrysfc84
MD5

9f835c85b5a7448679aebde2bc8812e7
SHA1

0d9825ce1dadfc3be4c68ca87539fe93c5474fd3
SHA256

204888f940e1bfe5ef634403a096f4de5ef88b154f037539f5de7274d7f3349d
SHA512

3ca4fcbe04333c4a4f473be421e2fdbb2cca1005a6e383630f5d7d162a8a619e1a8a53751fad7e12e1ccb66703719a09d9e8b5ee985c2fb8fef7b15154e05766
SSDEEP

24576:IyNIHka4MmCsbAC+VKs1hx/vuNadRNMBk1p5iUPW:IyqHka4gsbABVp17+YdRNMktiGW

Score

10^/10

bumblebee 102lg trojan

Malware Config

Extracted

Family

bumblebee

Botnet

102lg

C2

146.70.29.237:443

205.185.113.34:443

23.106.223.182:443

103.144.139.146:443

rc4.plain

Targets

- Target
  
  Photos.dll
- Size
  
  1.1MB
- MD5
  
  3597d41880a128a0c715c8322070ae24
- SHA1
  
  dded4a30d245aca3649c171611e507d79581069a
- SHA256
  
  565ecf7a706112531b6af57b958fa516c48eeae027fd5348d3f0f31968baab9b
- SHA512
  
  47b64e624a25e5a866008b2fdd1f42cda6780c118b2c6ef0452c16af0a131991a9400c0bac14da48076a92d1658dfb94bcd98a1fd0897ddba41a14484ebd30e5
- SSDEEP
  
  24576:PwErDLt80gXfaRM9d1Z6UpXkQxM3txBkMD0utYQE2:PDLC0gy2zZ6oFMXBLDyQE
Score

3^/10
behavioral1 behavioral2
- Target
  
  project requirements.lnk
- Size
  
  981B
- MD5
  
  9b512828eb27519424b4985ae1160075
- SHA1
  
  d73d9c30a84c83bcc54a53d42bff7d43eebba5b5
- SHA256
  
  14d23f1c4316b2748f257f72b3fdac993b304c73c58ebb12a754f27feb0050fc
- SHA512
  
  163d589c12c7214b5f0be5d1b7de78edd9e17d721c4de07c80a4c8a9895a116658212fd7d00c05588bb89c5b7eb1626b8ff2cf17ffb4f05a5700d27922c2f343
Score

10^/10

bumblebee 102lg trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral3 behavioral4
- Target
  
  samsung.bat
- Size
  
  1KB
- MD5
  
  d9c85f2b71f3845c6eccfc9cf0d61f5f
- SHA1
  
  87e33805b660677abf211a026d6571929007cd45
- SHA256
  
  a897ba334569f2bf0fcf2741cd644d5975221f009228243b140013a6bd6a2776
- SHA512
  
  1ed3bebdfc33c68253d63a3290fb76c681f928c902c476e749a00cbece97aa66d8b615fce8c0ef5905c13ea71aa5049c70c076680f89e5d93e53437e69f17fd6
Score

10^/10

bumblebee 102lg trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

bumblebee102lgtrojan

behavioral5

behavioral6

bumblebee102lgtrojan