bumblebee

General

Target

19bdf3110168f2ac48c599fac9e03e23.ps1.vir
Size

2.2MB
Sample

230223-pa16bsfg53
MD5

19bdf3110168f2ac48c599fac9e03e23
SHA1

c8ab417929970ae032cf6fede8743f829847d75f
SHA256

7d5337ef04ddabac61a5f3dae4a9fdf17c6d0b64f1a1b5ae0b07b6bbc0bcbd9e
SHA512

dbfd9d9c4a9c94024cf53a30c5041c1973e845100c214a04930d38cc895f6e81dda096a695140cb23a888f648334ba4d26a9abd5346c966b3df25c5828956be0
SSDEEP

24576:itC5Ja7ybVCbyfQCQfXk/SGv8raPHRJ4LtbgnuSW0v7wmlQccDjT96KjIM:iZQQCgcSM433DDwO

Score

10^/10

Malware Config

Extracted

Family

bumblebee

rc4.plain

Extracted

Family

bumblebee

Botnet

212cc

C2

104.168.157.253:443

185.173.34.35:443

103.175.16.104:443

86.106.131.105:443

23.82.140.155:443

173.234.155.246:443

195.20.17.75:443

192.111.146.178:443

23.254.167.63:443

51.75.62.204:443

103.175.16.13:443

146.19.173.86:443

160.20.147.242:443

51.68.144.43:443

205.185.113.34:443

157.254.194.117:443

194.135.33.184:443

91.206.178.234:443

172.86.120.111:443

185.17.40.138:443

rc4.plain

Targets

- Target
  
  19bdf3110168f2ac48c599fac9e03e23.ps1.vir
- Size
  
  2.2MB
- MD5
  
  19bdf3110168f2ac48c599fac9e03e23
- SHA1
  
  c8ab417929970ae032cf6fede8743f829847d75f
- SHA256
  
  7d5337ef04ddabac61a5f3dae4a9fdf17c6d0b64f1a1b5ae0b07b6bbc0bcbd9e
- SHA512
  
  dbfd9d9c4a9c94024cf53a30c5041c1973e845100c214a04930d38cc895f6e81dda096a695140cb23a888f648334ba4d26a9abd5346c966b3df25c5828956be0
- SSDEEP
  
  24576:itC5Ja7ybVCbyfQCQfXk/SGv8raPHRJ4LtbgnuSW0v7wmlQccDjT96KjIM:iZQQCgcSM433DDwO
Score

10^/10

bumblebee 212cc trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Blocklisted process makes network request
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Blocklisted process makes network request

Suspicious use of NtCreateThreadExHideFromDebugger

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2