bumblebee | 05aa0587937c153ffbd573c6ba35a446e7c9eae62a39308d6e800e127156c468 | Triage

Analysis

max time kernel
147s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
21/02/2023, 23:33

Sharing

Report Analysis Logs

General

Target

Contract_02_21_Copy#48.exe
Size

1.4MB
MD5

5ac5d2bfb46d310338ad8bb70a0b562d
SHA1

bf07b0e67bb50fec99ff89b17ec6d4f8a19a57e0
SHA256

05aa0587937c153ffbd573c6ba35a446e7c9eae62a39308d6e800e127156c468
SHA512

0ff11a63877ff9e1dfb3abb58ca565754571d8da6cfb180c4926ff97921a8c207eb5ffd6fb53593f7342c1b602c7a9fefa86f1a34a6663f7aac956bfb1fd252f
SSDEEP

24576:XS9VBCocBwQ4v4by+6WUjI9+Wq6w6bX2du9RXr+3:C9CJBp9WHFIJq6Pbmd2RXW

Score

10^/10

bumblebee 21maca trojan

Malware Config

Extracted

Family

bumblebee

Botnet

21maca

C2

108.62.141.20:443

104.168.140.145:443

51.68.145.171:443

108.62.118.170:443

192.119.72.133:443

23.108.57.201:443

rc4.plain

Signatures

BumbleBee
BumbleBee is a webshell malware written in C++.
trojan bumblebee

Suspicious use of NtCreateThreadExHideFromDebugger 1 IoCs

pid	Process
4732	Contract_02_21_Copy#48.exe

C:\Users\Admin\AppData\Local\Temp\Contract_02_21_Copy#48.exe
"C:\Users\Admin\AppData\Local\Temp\Contract_02_21_Copy#48.exe"
1⤵
- Suspicious use of NtCreateThreadExHideFromDebugger
PID:4732

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4732-133-0x000001A16D490000-0x000001A16D5F1000-memory.dmp

Filesize
1.4MB

Download
memory/4732-134-0x000001A16D490000-0x000001A16D5F1000-memory.dmp

Filesize
1.4MB

Download
memory/4732-135-0x000001A16D490000-0x000001A16D5F1000-memory.dmp

Filesize
1.4MB

Download
memory/4732-136-0x000001A16D180000-0x000001A16D20B000-memory.dmp

Filesize
556KB

Download