bumblebee

General

Target

reviews.dll
Size

5.5MB
Sample

230221-wpthcsfg89
MD5

4d409aebb3389bd35d81778ea797ad6e
SHA1

058886b2012164dc54ba8be6316cc1ce02343f8f
SHA256

c770b2a5a9a01f84785a965a2eab1430ce0fa8b7ecec61715f00ef69c84448c2
SHA512

7ceedce04e7a39b0186ca369acc015e2b3c8247c9fcdbcd9fe334fa052b5db134020106e09bad704961392d0dddc8c9698058ac057f470dbfbf6e7e85110a3a2
SSDEEP

49152:prv+wvEd7anDUyHxzAjK5GhknnzO63+uaLggO61SwcEunJFxs:prv+wvEd7anDUyHx

Score

10^/10

Malware Config

Extracted

Family

bumblebee

Botnet

212cc

C2

205.185.113.34:443

185.173.34.35:443

160.20.147.242:443

195.20.17.75:443

91.206.178.234:443

104.168.157.253:443

146.19.173.86:443

86.106.131.105:443

51.75.62.204:443

51.68.144.43:443

103.175.16.13:443

23.254.167.63:443

23.82.140.155:443

185.17.40.138:443

192.111.146.178:443

157.254.194.117:443

194.135.33.184:443

172.86.120.111:443

103.175.16.104:443

173.234.155.246:443

rc4.plain

Targets

- Target
  
  reviews.dll
- Size
  
  5.5MB
- MD5
  
  4d409aebb3389bd35d81778ea797ad6e
- SHA1
  
  058886b2012164dc54ba8be6316cc1ce02343f8f
- SHA256
  
  c770b2a5a9a01f84785a965a2eab1430ce0fa8b7ecec61715f00ef69c84448c2
- SHA512
  
  7ceedce04e7a39b0186ca369acc015e2b3c8247c9fcdbcd9fe334fa052b5db134020106e09bad704961392d0dddc8c9698058ac057f470dbfbf6e7e85110a3a2
- SSDEEP
  
  49152:prv+wvEd7anDUyHxzAjK5GhknnzO63+uaLggO61SwcEunJFxs:prv+wvEd7anDUyHx
Score

10^/10

bumblebee 212cc trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Blocklisted process makes network request
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Blocklisted process makes network request

Suspicious use of NtCreateThreadExHideFromDebugger

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2