bumblebee

General

Target

https://firebasestorage.googleapis.com/v0/b/idyllic-creek-377707.appspot.com/o/NgCFuNKy6s%2FContract_02_21_Copy%2346.zip?alt=media&token=db511c56-7c85-4d58-b569-6127c12586b2
Sample

230222-s51d3acd38

Score

10^/10

Malware Config

Extracted

Family

bumblebee

Botnet

21maca

C2

108.62.141.20:443

104.168.140.145:443

51.68.145.171:443

108.62.118.170:443

192.119.72.133:443

23.108.57.201:443

rc4.plain

Targets

- Target
  
  https://firebasestorage.googleapis.com/v0/b/idyllic-creek-377707.appspot.com/o/NgCFuNKy6s%2FContract_02_21_Copy%2346.zip?alt=media&token=db511c56-7c85-4d58-b569-6127c12586b2
Score

10^/10

bumblebee 21maca trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

2

T1112

Credential Access

Discovery

Query Registry

1

T1012

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Suspicious use of NtCreateThreadExHideFromDebugger

MITRE ATT&CK Enterprise v6

Tasks

static1

urlscan1

behavioral1

behavioral2