General

  • Target: color.ps1
  • Size: 2.2MB
  • Sample: 230303-kvklvsgc4x
  • MD5: 742c528a179fdf26356aa239ce901c56
  • SHA1: d5fbd80a687813b214ad6dc7bc950ccf0f0a46f9
  • SHA256: 28d4ca9b8bbbad765a193c9df2a8841352a87c2f26b28a94e763709906ce073b
  • SHA512: 2c7e40258dfa27931073654c4749049b81ac160f7b3b4ac7730a85249b0ebe82b617cb2247bfc31a5597ab87f399e0d984e1e34fe7812d195a92afe5c866eadd
  • SSDEEP: 24576:Ogpa7y/VUbkfQB0VXG/2Gv8ECPnRq4WtbYnuke0X7fmJIkrDjT8tb2i30mUO:G0QBee2Q4kw4DWbr3R

Score: 10/10

Malware Config

Extracted

  • Family: bumblebee
  • rc4.plain

Extracted

  • Family: bumblebee
  • Botnet: lg0203
  • C2:
      209.141.53.174:443
      157.254.194.119:443
      160.20.147.242:443
      205.185.113.34:443
      37.28.155.36:443
      194.135.33.184:443
      51.75.62.204:443
      173.234.155.246:443
      172.86.120.111:443
      185.173.34.35:443
      146.19.173.86:443
      194.135.33.85:443
      51.68.144.43:443
      23.82.140.155:443
      104.168.157.253:443
      23.254.167.63:443
      195.133.192.10:443
      107.189.12.129:443
      91.206.178.234:443
      103.175.16.104:443
  • rc4.plain

Targets

    • Target: color.ps1
    • Size: 2.2MB
    • MD5: 742c528a179fdf26356aa239ce901c56
    • SHA1: d5fbd80a687813b214ad6dc7bc950ccf0f0a46f9
    • SHA256: 28d4ca9b8bbbad765a193c9df2a8841352a87c2f26b28a94e763709906ce073b
    • SHA512: 2c7e40258dfa27931073654c4749049b81ac160f7b3b4ac7730a85249b0ebe82b617cb2247bfc31a5597ab87f399e0d984e1e34fe7812d195a92afe5c866eadd
    • SSDEEP: 24576:Ogpa7y/VUbkfQB0VXG/2Gv8ECPnRq4WtbYnuke0X7fmJIkrDjT8tb2i30mUO:G0QBee2Q4kw4DWbr3R

    Score: 10/10

    Signatures

    • BumbleBee

      BumbleBee is a webshell malware written in C++.

    • Blocklisted process makes network request

    • Suspicious use of NtCreateThreadExHideFromDebugger

MITRE ATT&CK Matrix

Tasks