bumblebee | b6d05d8f7f1f946806cd70f18f8b6af1b033900cfaa4ab7b7361b19696be9259 | Triage

Sharing

General

Target

documents.ps1
Size

2.2MB
Sample

230221-la8zdsgb4t
MD5

fcdf0ba1ce0384e1a55a9191d2761da0
SHA1

4454a27ff9f40d54231820f2b3352f55556c0533
SHA256

b6d05d8f7f1f946806cd70f18f8b6af1b033900cfaa4ab7b7361b19696be9259
SHA512

9c850cbb4e03715d392f01ae6c7916c4479e01e812040ba1ae5033a36bbfeea073c075c1eb05febc9a16d8d4c98b0e9f32d3c883739ad0bdb163945fe280fa11
SSDEEP

24576:4q2pALU9NJAWAdsCR7RIuXAxXgP0WEY/2DwF/mxUrF0ExGyP:SA4nJAlkfg9iG/1xb

Score

10^/10

bumblebee 202lg trojan

Malware Config

Extracted

Family

bumblebee

rc4.plain

Extracted

Family

bumblebee

Botnet

202lg

C2

104.168.157.253:443

209.141.40.19:443

107.189.5.17:443

23.254.167.63:443

91.206.178.234:443

146.19.173.86:443

103.175.16.104:443

194.135.33.85:443

173.234.155.246:443

51.68.144.43:443

172.86.120.111:443

160.20.147.242:443

51.75.62.204:443

205.185.113.34:443

194.135.33.184:443

23.82.140.155:443

185.173.34.35:443

rc4.plain

Targets

- Target
  
  documents.ps1
- Size
  
  2.2MB
- MD5
  
  fcdf0ba1ce0384e1a55a9191d2761da0
- SHA1
  
  4454a27ff9f40d54231820f2b3352f55556c0533
- SHA256
  
  b6d05d8f7f1f946806cd70f18f8b6af1b033900cfaa4ab7b7361b19696be9259
- SHA512
  
  9c850cbb4e03715d392f01ae6c7916c4479e01e812040ba1ae5033a36bbfeea073c075c1eb05febc9a16d8d4c98b0e9f32d3c883739ad0bdb163945fe280fa11
- SSDEEP
  
  24576:4q2pALU9NJAWAdsCR7RIuXAxXgP0WEY/2DwF/mxUrF0ExGyP:SA4nJAlkfg9iG/1xb
Score

10^/10

bumblebee 202lg trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Blocklisted process makes network request
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

bumblebee202lgtrojan