bumblebee | 4b7bd61d8985e4bda823bed25986c52da45cf519b04661980db35060ae5ca3b1 | Triage

Sharing

General

Target

documents.ps1
Size

1.1MB
Sample

230221-p1sa4sgf6y
MD5

b4a6a5b0288f7b644091dd82b537999f
SHA1

c4764431b56e9c59b13496e4ab11209633604128
SHA256

4b7bd61d8985e4bda823bed25986c52da45cf519b04661980db35060ae5ca3b1
SHA512

20673f83f887b96ca0701b6673d146b0c486f60a9b5c56b0a7de2a55f4a19468350ca86eb35fb0bd5bc4b599757fcf2fa2c04730a8b4a21ae6acb3bfa9c4cb1a
SSDEEP

24576:BTwzO2B32tGRDSrH+KxAvjncxPteQcE8Z5pa2Oz9WabsKqRasT/TyMNY:DbbKgPIQSrPOxhsKszWgY

Score

10^/10

bumblebee 202lg trojan

Malware Config

Extracted

Family

bumblebee

rc4.plain

Extracted

Family

bumblebee

Botnet

202lg

C2

104.168.157.253:443

209.141.40.19:443

107.189.5.17:443

23.254.167.63:443

91.206.178.234:443

146.19.173.86:443

103.175.16.104:443

194.135.33.85:443

173.234.155.246:443

51.68.144.43:443

172.86.120.111:443

160.20.147.242:443

51.75.62.204:443

205.185.113.34:443

194.135.33.184:443

23.82.140.155:443

185.173.34.35:443

rc4.plain

Targets

- Target
  
  documents.ps1
- Size
  
  1.1MB
- MD5
  
  b4a6a5b0288f7b644091dd82b537999f
- SHA1
  
  c4764431b56e9c59b13496e4ab11209633604128
- SHA256
  
  4b7bd61d8985e4bda823bed25986c52da45cf519b04661980db35060ae5ca3b1
- SHA512
  
  20673f83f887b96ca0701b6673d146b0c486f60a9b5c56b0a7de2a55f4a19468350ca86eb35fb0bd5bc4b599757fcf2fa2c04730a8b4a21ae6acb3bfa9c4cb1a
- SSDEEP
  
  24576:BTwzO2B32tGRDSrH+KxAvjncxPteQcE8Z5pa2Oz9WabsKqRasT/TyMNY:DbbKgPIQSrPOxhsKszWgY
Score

10^/10

bumblebee 202lg trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Blocklisted process makes network request
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

bumblebee202lgtrojan