bumblebee

General

Target

Desktop.zip
Size

1.0MB
Sample

230306-xdg6maee89
MD5

949ca91d94a8843719808af9d08a34c6
SHA1

e3b1b0717219d205f3a6fe0299794cf7ed0a604c
SHA256

07f394e3db99be6f61c72753ed941e38b485fe436ddc02358dfa34c39ac9e0c5
SHA512

e3804a38af2f9cead1ed46a29ee6fa3e4d4d24ecdd55c05cb45bfb02a999f8b2c427e548498bd7125c034f74626c7f63e2da1c46af292532b230638cdd11651e
SSDEEP

24576:XLW9EWVlIBRwx8THkwcN72u0RyMRBqrypKW6OyD:X69EqlIEuTolW0M8/XD

Score

10^/10

Malware Config

Extracted

Family

bumblebee

rc4.plain

Extracted

Family

bumblebee

Botnet

0603cc

C2

51.68.144.43:443

185.173.34.35:443

103.175.16.13:443

192.111.146.184:443

86.106.131.105:443

103.175.16.104:443

23.254.167.63:443

146.19.173.86:443

91.206.178.234:443

23.82.140.155:443

173.234.155.246:443

23.254.225.130:443

172.86.120.111:443

160.20.147.242:443

185.17.40.138:443

157.254.194.117:443

194.135.33.184:443

195.20.17.75:443

51.83.248.92:443

192.111.146.178:443

rc4.plain

Targets

- Target
  
  comics.ps1
- Size
  
  2.2MB
- MD5
  
  2809cc87a38fd5233134c7428b380f2d
- SHA1
  
  47f1282a61b8090c7b335059fd6408c573b061ca
- SHA256
  
  b75bb6ee05805acc5898ed2ce9f8313d20672acb1908693b1b368e71c169c447
- SHA512
  
  bc0afcd7ef86ca2cd40e7a489b8a523666412b6c43ea60b6615a2aa37fed49dc741d33af3b961dd76e2ca90f5d437838dd4b5cfb28500288d83433746083bc0e
- SSDEEP
  
  24576:wOctC+MG8fRwhhUSmA/xBCXaEGNFpz4vGE9TUUrKApoxELBczlB:KtCd9RwRa8rsvGyXoz
Score

10^/10

bumblebee 0603cc trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Blocklisted process makes network request
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral1 behavioral2
- Target
  
  titles.lnk
- Size
  
  1KB
- MD5
  
  cd40170ef364117a2ee437c47ec6b564
- SHA1
  
  48346fe1585ead2a8ab4f5fdccd264c5f9cd502a
- SHA256
  
  24bb33a3a191cb0fba721820a31a8560abd7b3d0fafabe5f85a700e47772b571
- SHA512
  
  a901f85abbb2be9d8f2165de0aceb502c8c95797c987ad0fea4a9781eaf509d2e1e4ccd5b1c51eb4b16d86a78fcb25c52d20b91623c0511c89c4eb585f6b209f
Score

10^/10

bumblebee 0603cc trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral3 behavioral4

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Blocklisted process makes network request

Suspicious use of NtCreateThreadExHideFromDebugger

BumbleBee

Blocklisted process makes network request

Checks computer location settings

Suspicious use of NtCreateThreadExHideFromDebugger

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4