bumblebee

General

Target

e4a5383ac32d5642eaf2c7406a0f1c0f.msi
Size

4.2MB
Sample

230302-pq936sch69
MD5

e4a5383ac32d5642eaf2c7406a0f1c0f
SHA1

3e5637d253c40aefdb0465df15bc057ed5c26186
SHA256

d99b63e1740aa4f779b91d22f508a4792f237f09413d24b51144e0694af5d34f
SHA512

ed7ae40e2475ca2bdeefbfb3f15df6e93c8c7d7781b31c2b0c5cab99ff8fec0487f7975b406eebb8117aca2038a11a658d129c32d4147275fd7770c1bfa28da8
SSDEEP

98304:lPKnw39kiUnMUYeg8F1HWMUKFln1RiZmSZ9J1zYfWwG:4wNJUnMUYetUKFZnpSf1w

Score

10^/10

Malware Config

Extracted

Family

bumblebee

rc4.plain

Extracted

Family

bumblebee

Botnet

cisc117

C2

172.93.193.3:443

23.81.246.22:443

95.168.191.134:443

104.168.175.78:443

172.93.193.46:443

157.254.194.104:443

37.28.157.29:443

23.106.124.23:443

194.135.33.182:443

54.38.139.94:443

192.119.65.175:443

107.189.8.58:443

205.185.114.241:443

104.168.171.159:443

103.144.139.159:443

91.206.178.204:443

198.98.58.184:443

172.241.27.120:443

23.106.223.197:443

23.108.57.83:443

rc4.plain

Targets

- Target
  
  e4a5383ac32d5642eaf2c7406a0f1c0f.msi
- Size
  
  4.2MB
- MD5
  
  e4a5383ac32d5642eaf2c7406a0f1c0f
- SHA1
  
  3e5637d253c40aefdb0465df15bc057ed5c26186
- SHA256
  
  d99b63e1740aa4f779b91d22f508a4792f237f09413d24b51144e0694af5d34f
- SHA512
  
  ed7ae40e2475ca2bdeefbfb3f15df6e93c8c7d7781b31c2b0c5cab99ff8fec0487f7975b406eebb8117aca2038a11a658d129c32d4147275fd7770c1bfa28da8
- SSDEEP
  
  98304:lPKnw39kiUnMUYeg8F1HWMUKFln1RiZmSZ9J1zYfWwG:4wNJUnMUYetUKFZnpSf1w
Score

10^/10

bumblebee cisc117 trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Blocklisted process makes network request

Executes dropped EXE

Loads dropped DLL

Enumerates connected drives

Suspicious use of NtCreateThreadExHideFromDebugger

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2