bumblebee | f2406ca9821dd1af9404128f5c2964f99bf1480317a398970c3fe46efd596ab0 | Triage

Sharing

General

Target

Archive.zip
Size

841KB
Sample

230213-xnl8bsfd26
MD5

131c76d999c92b524aff041e09f2761e
SHA1

de5e0cd835d4e4da1dcbcf55d679cd1285b4a856
SHA256

f2406ca9821dd1af9404128f5c2964f99bf1480317a398970c3fe46efd596ab0
SHA512

f8c4ba3352f387c2e3e4bacfd8ea09493bc0f9598a934b9ff93dcc784071bf64e1105bfb119ebca4df7d9e76c67eb11c5b0763f8e02c9ea7e1bd78f59a5ac01f
SSDEEP

24576:9LxJDFuW15GsVs40d4NUeN5Q34YeYDTP0Uv5l:9VX7V38eN55WDTcy3

Score

10^/10

bumblebee 102lg trojan

Malware Config

Extracted

Family

bumblebee

Botnet

102lg

C2

146.70.29.237:443

205.185.113.34:443

23.106.223.182:443

103.144.139.146:443

rc4.plain

Targets

- Target
  
  ambien.dll
- Size
  
  1.1MB
- MD5
  
  7f7905faf89ef42ced1a7197a0236128
- SHA1
  
  4be5208f586c2d20a5c5cbf6accf864b99af2eae
- SHA256
  
  8691cf5698446dfce18abb87351a7ca46d5ffbbf902a13a035f4be046791d3e7
- SHA512
  
  3e579612863aaafe4d315bcdbcfb88a901a073cfc9e0753384e59ef61f104061d26cb913b220b67d312b1e4d9eb9703b562bda62479bfd70d66a1d282a7e18cd
- SSDEEP
  
  24576:fwEJQ/rPB8YJqEVm20+MZ26TU5O9L/s1BJSKW9oCxpK+:y/rPm20+MZiAEOoQ
Score

3^/10
behavioral1 behavioral2
- Target
  
  cookies.bat
- Size
  
  1KB
- MD5
  
  489624f447bef97bf03de86b961b323c
- SHA1
  
  1100687d5d5fa1329c65baf7bd29afbd09e55d0a
- SHA256
  
  c92f574ccbdd97cad32bcd682bbc72f9565f0e73a6623128cfcc8d346dd4132e
- SHA512
  
  9ba1cdec5fc24749d7ad9d1c8c6c98e519a1e8c8ef9e5318cb6dd5389c1608a1d9ee6857af85a6129e605b5807d806e27e214aabe4ff23b7968922422d6bf3d2
Score

10^/10

bumblebee 102lg trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral3 behavioral4
- Target
  
  project information.lnk
- Size
  
  981B
- MD5
  
  ab75f98820d239a2f300d1258e65ff57
- SHA1
  
  9571afbbc444cdf6ede14c0996e6e915ef21baed
- SHA256
  
  0d395daea134bf3ad5d52e47424725842391ceef3fba206031038f9d9f570191
- SHA512
  
  9929dc69ce18949b9b6efb36d501bb92a7ae7f18a82f61245088de474258ab8c33e701bc4e5f52394a7bbe80bec48269989ada0ed989ef206e3040b27a45a6ea
Score

10^/10

bumblebee 102lg trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

bumblebee102lgtrojan

behavioral5

behavioral6

bumblebee102lgtrojan