bumblebee | 955f07f3e905c8f113cd545ea70cf0a23e305ed3aafa9675e0780fdb366f6456 | Triage

Sharing

General

Target

sites.dll
Size

1.0MB
Sample

230220-sz53csbe48
MD5

f45158898ff7d51ee58bb3ed074c7641
SHA1

00fc74c4ed5839c04e2a0020efeda9dedaa8c107
SHA256

955f07f3e905c8f113cd545ea70cf0a23e305ed3aafa9675e0780fdb366f6456
SHA512

1987312187ac48e80100f7b18a13fe7fb399c9cb319af2047101e2c9862fe3f80a5132df08f5c755b774478c4fb7fbd3aed0cf1719a30381829f56b6c462678d
SSDEEP

24576:2pAVUZL/hhrQHOznbrMOA+OlnDrN/LFPsNmM:2pfROOz/MO09SM

Score

10^/10

bumblebee 202cc trojan

Malware Config

Extracted

Family

bumblebee

Botnet

202cc

C2

23.82.140.155:443

195.20.17.75:443

104.168.157.253:443

160.20.147.242:443

103.175.16.104:443

51.68.144.43:443

23.254.167.63:443

205.185.113.34:443

51.75.62.204:443

91.206.178.234:443

185.173.34.35:443

146.19.173.86:443

86.106.131.105:443

172.86.120.111:443

192.111.146.178:443

173.234.155.246:443

194.135.33.184:443

rc4.plain

Targets

- Target
  
  sites.dll
- Size
  
  1.0MB
- MD5
  
  f45158898ff7d51ee58bb3ed074c7641
- SHA1
  
  00fc74c4ed5839c04e2a0020efeda9dedaa8c107
- SHA256
  
  955f07f3e905c8f113cd545ea70cf0a23e305ed3aafa9675e0780fdb366f6456
- SHA512
  
  1987312187ac48e80100f7b18a13fe7fb399c9cb319af2047101e2c9862fe3f80a5132df08f5c755b774478c4fb7fbd3aed0cf1719a30381829f56b6c462678d
- SSDEEP
  
  24576:2pAVUZL/hhrQHOznbrMOA+OlnDrN/LFPsNmM:2pfROOz/MO09SM
Score

10^/10

bumblebee 202cc trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Blocklisted process makes network request
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

bumblebee202cctrojan

behavioral2

bumblebee202cctrojan