bumblebee

General

Target

english.ps1
Size

2.2MB
Sample

230308-vqr59agb64
MD5

e560c98fa5542185d5fc2f48d96b46f9
SHA1

539e5e720a8e9e3e7ced26b706c63a38496be1af
SHA256

3cb26bbe24bf7d7f3e224efea1d244ed89b7305ad45a5804a26405ddc4ced73c
SHA512

d63482073541a5be2217f6b91c5f773a7aa40e9bcd7deaf7953909e2819d478c987b3a5aa77d36b62408a76d267b4118a2eb6e9e711ba8a82692842c0ac796bc
SSDEEP

24576:itr8i7vgeGn0iwEhOSmH/wBC9aU+NFfz4hG9Kq8UHKpvFXErBc1IuQw:C7vhtiwmOUdshGVvWw6

Score

10^/10

Malware Config

Extracted

Family

bumblebee

rc4.plain

Extracted

Family

bumblebee

Botnet

0603cc

C2

51.75.62.204:443

23.82.140.155:443

192.111.146.184:443

103.175.16.104:443

185.173.34.35:443

157.254.194.117:443

192.111.146.178:443

205.185.113.34:443

195.20.17.75:443

194.135.33.184:443

173.234.155.246:443

23.254.225.130:443

51.68.144.43:443

51.83.248.92:443

160.20.147.242:443

23.254.167.63:443

103.175.16.13:443

172.86.120.111:443

185.17.40.138:443

91.206.178.234:443

rc4.plain

Targets

- Target
  
  english.ps1
- Size
  
  2.2MB
- MD5
  
  e560c98fa5542185d5fc2f48d96b46f9
- SHA1
  
  539e5e720a8e9e3e7ced26b706c63a38496be1af
- SHA256
  
  3cb26bbe24bf7d7f3e224efea1d244ed89b7305ad45a5804a26405ddc4ced73c
- SHA512
  
  d63482073541a5be2217f6b91c5f773a7aa40e9bcd7deaf7953909e2819d478c987b3a5aa77d36b62408a76d267b4118a2eb6e9e711ba8a82692842c0ac796bc
- SSDEEP
  
  24576:itr8i7vgeGn0iwEhOSmH/wBC9aU+NFfz4hG9Kq8UHKpvFXErBc1IuQw:C7vhtiwmOUdshGVvWw6
Score

10^/10

bumblebee 0603cc trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Blocklisted process makes network request
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Blocklisted process makes network request

Suspicious use of NtCreateThreadExHideFromDebugger

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2