bumblebee | 9982330ae990386cd74625f0eaa26ae697574694eb2ec330c2acac5e0149fdc0 | Triage

Sharing

General

Target

r3.msi
Size

6.4MB
Sample

230315-lw62xsee9x
MD5

6f7e07b84897cccab30594305416d36f
SHA1

6d1d531c921a17b36e792e2843311e27b9aa77a4
SHA256

9982330ae990386cd74625f0eaa26ae697574694eb2ec330c2acac5e0149fdc0
SHA512

689ba6b48065a9098ef62bc8ed0650fa0b66f403af9dc315a456d514ea61afda7cf67c3786760e4ac49adc8a60f489199e6aae08a59aa4ef8e57e064bce9e892
SSDEEP

196608:+kyJofCBPu0rDMQFVOiNRUm0TcrdJgRueb3IR6s8:DymfCBPoYOiPTacBeue7xs8

Score

10^/10

bumblebee pgchat trojan

Malware Config

Extracted

Family

bumblebee

rc4.plain

Extracted

Family

bumblebee

Botnet

pgchat

C2

45.61.187.225:443

91.206.178.68:443

193.109.120.252:443

rc4.plain

Targets

- Target
  
  r3.msi
- Size
  
  6.4MB
- MD5
  
  6f7e07b84897cccab30594305416d36f
- SHA1
  
  6d1d531c921a17b36e792e2843311e27b9aa77a4
- SHA256
  
  9982330ae990386cd74625f0eaa26ae697574694eb2ec330c2acac5e0149fdc0
- SHA512
  
  689ba6b48065a9098ef62bc8ed0650fa0b66f403af9dc315a456d514ea61afda7cf67c3786760e4ac49adc8a60f489199e6aae08a59aa4ef8e57e064bce9e892
- SSDEEP
  
  196608:+kyJofCBPu0rDMQFVOiNRUm0TcrdJgRueb3IR6s8:DymfCBPoYOiPTacBeue7xs8
Score

10^/10

bumblebee pgchat trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

bumblebeepgchattrojan