bumblebee

General

Target

color.ps1
Size

2.2MB
Sample

230303-kvklvsgc4x
MD5

742c528a179fdf26356aa239ce901c56
SHA1

d5fbd80a687813b214ad6dc7bc950ccf0f0a46f9
SHA256

28d4ca9b8bbbad765a193c9df2a8841352a87c2f26b28a94e763709906ce073b
SHA512

2c7e40258dfa27931073654c4749049b81ac160f7b3b4ac7730a85249b0ebe82b617cb2247bfc31a5597ab87f399e0d984e1e34fe7812d195a92afe5c866eadd
SSDEEP

24576:Ogpa7y/VUbkfQB0VXG/2Gv8ECPnRq4WtbYnuke0X7fmJIkrDjT8tb2i30mUO:G0QBee2Q4kw4DWbr3R

Score

10^/10

Malware Config

Extracted

Family

bumblebee

rc4.plain

Extracted

Family

bumblebee

Botnet

lg0203

C2

209.141.53.174:443

157.254.194.119:443

160.20.147.242:443

205.185.113.34:443

37.28.155.36:443

194.135.33.184:443

51.75.62.204:443

173.234.155.246:443

172.86.120.111:443

185.173.34.35:443

146.19.173.86:443

194.135.33.85:443

51.68.144.43:443

23.82.140.155:443

104.168.157.253:443

23.254.167.63:443

195.133.192.10:443

107.189.12.129:443

91.206.178.234:443

103.175.16.104:443

rc4.plain

Targets

- Target
  
  color.ps1
- Size
  
  2.2MB
- MD5
  
  742c528a179fdf26356aa239ce901c56
- SHA1
  
  d5fbd80a687813b214ad6dc7bc950ccf0f0a46f9
- SHA256
  
  28d4ca9b8bbbad765a193c9df2a8841352a87c2f26b28a94e763709906ce073b
- SHA512
  
  2c7e40258dfa27931073654c4749049b81ac160f7b3b4ac7730a85249b0ebe82b617cb2247bfc31a5597ab87f399e0d984e1e34fe7812d195a92afe5c866eadd
- SSDEEP
  
  24576:Ogpa7y/VUbkfQB0VXG/2Gv8ECPnRq4WtbYnuke0X7fmJIkrDjT8tb2i30mUO:G0QBee2Q4kw4DWbr3R
Score

10^/10

bumblebee lg0203 trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Blocklisted process makes network request
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Blocklisted process makes network request

Suspicious use of NtCreateThreadExHideFromDebugger

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2