bumblebee | f03626061b3bc8d36f9b21bc350b4d3eb41a0e10c6c23e19c2cdf119537f08a9 | Triage

Sharing

General

Target

file.zip
Size

1.6MB
Sample

230220-sthd4sah3t
MD5

b0021dd0b0f534072d999191ff973887
SHA1

3984f2b307728d9aaae9c8f9762b1b6d581c5037
SHA256

f03626061b3bc8d36f9b21bc350b4d3eb41a0e10c6c23e19c2cdf119537f08a9
SHA512

a42daae6d437c580069d1d6727d3a9a533475f2faf5eb8a631543768093c953e560d551861ebc15ffee12afcdc88a8b9c0a6fe91a0dac9c01c33f140533ad6ba
SSDEEP

24576:PW/WWp4C+hp8d4PvH5otcqTwOimx4SMefTx1lqXB24E:NpPHH57q0m2axuB24E

Score

10^/10

bumblebee 17maca trojan

Malware Config

Extracted

Family

bumblebee

Botnet

17maca

C2

108.62.141.20:443

23.108.57.201:443

108.62.118.170:443

rc4.plain

Targets

- Target
  
  SCAN_0217_1782178.exe
- Size
  
  709.9MB
- MD5
  
  dbfa17c6178f529a9fa53e8abbdf581f
- SHA1
  
  15ca1f14c976b21d13e778579ee4bda85bcce38e
- SHA256
  
  5f53faea707f92064542729e0e94a21df59aad7aa1c67ba212048f2ee9278c44
- SHA512
  
  c04ea42da88c434da3cd5eb0d4fda26c4803f257ffb2acb57d36f08e679372aa7170ae360fb63777e1526acb2df37fec6a6fa94c27e110a91dcccfa84a0c4161
- SSDEEP
  
  24576:KB1W0u8Tl/0SljPppnC6zzdyRUh9yXOVYgCoHI:S8kTT668VOXBo
Score

10^/10

bumblebee 17maca trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

bumblebee17macatrojan

behavioral2

bumblebee17macatrojan