bumblebee

General

Target

cisco2.ps1
Size

2.2MB
Sample

230302-w3wvmseb85
MD5

7708f4d0a27fcb9a315e0e2b9fa24248
SHA1

498ac3d0ddf4b19f6f7d3dacf03c4e2fbf8f993b
SHA256

0afe02415b9523c9f840be11d9561d1c07b41ac1f7b803b7112608ae8db29950
SHA512

af6b285e63c9c3db98d35492ff03ec08196c859f508834fc39d6b76283447f493bc721dfa15a2ad777c6e8547ade639f9379ac1cefa54e226096fb0aa4956f54
SSDEEP

24576:rsxT2KAWU1N5BWAdTfrOqluXAxXgo0TEYKoDcF/mUCXy0wxG/uD3:whAlf5BHF/gfha/FFT

Score

10^/10

Malware Config

Extracted

Family

bumblebee

rc4.plain

Extracted

Family

bumblebee

Botnet

cisc117

C2

172.93.193.3:443

23.81.246.22:443

95.168.191.134:443

104.168.175.78:443

172.93.193.46:443

157.254.194.104:443

37.28.157.29:443

23.106.124.23:443

194.135.33.182:443

54.38.139.94:443

192.119.65.175:443

107.189.8.58:443

205.185.114.241:443

104.168.171.159:443

103.144.139.159:443

91.206.178.204:443

198.98.58.184:443

172.241.27.120:443

23.106.223.197:443

23.108.57.83:443

rc4.plain

Targets

- Target
  
  cisco2.ps1
- Size
  
  2.2MB
- MD5
  
  7708f4d0a27fcb9a315e0e2b9fa24248
- SHA1
  
  498ac3d0ddf4b19f6f7d3dacf03c4e2fbf8f993b
- SHA256
  
  0afe02415b9523c9f840be11d9561d1c07b41ac1f7b803b7112608ae8db29950
- SHA512
  
  af6b285e63c9c3db98d35492ff03ec08196c859f508834fc39d6b76283447f493bc721dfa15a2ad777c6e8547ade639f9379ac1cefa54e226096fb0aa4956f54
- SSDEEP
  
  24576:rsxT2KAWU1N5BWAdTfrOqluXAxXgo0TEYKoDcF/mUCXy0wxG/uD3:whAlf5BHF/gfha/FFT
Score

10^/10

bumblebee cisc117 trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Blocklisted process makes network request
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Blocklisted process makes network request

Suspicious use of NtCreateThreadExHideFromDebugger

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2