bumblebee | cba5b627d45e73a1e4385475f5f6f612422b0bcc4fdade032c37616b351a261a | Triage

Submit
Reports

Overview

overview

Static

static

1

ZoomInstallerFull.msi

windows7-x64

7

ZoomInstallerFull.msi

windows10-2004-x64

Sharing

General

Target

ZoomInstallerFull.msi
Size

25.9MB
Sample

230320-yr5phsfb82
MD5

5a9faa14b60b9897d9b9d0939a9d8561
SHA1

0a78aefca1e07f4a71439e09d39585313fa7fa4e
SHA256

cba5b627d45e73a1e4385475f5f6f612422b0bcc4fdade032c37616b351a261a
SHA512

3e7feb3bb39dff3401997ef1f0d8a4b1b806cdecfa071970a8f54581cce19d38555271e06c38f5bf1862c136ae932bd04290ea3762f294307c17c5a979b9fa7b
SSDEEP

786432:YQrpQ7w8q9m0xOPhXvN2A2sAPk3W23hykV:YQr27l0UZ/NV0k3H3UC

Score

10^/10

bumblebee zm21503 discovery trojan

Static task

static1

Behavioral task

behavioral1

Sample

ZoomInstallerFull.msi

Resource

win7-20230220-en

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

ZoomInstallerFull.msi

Resource

win10v2004-20230220-en

bumblebee zm21503 discovery trojan

windows10-2004-x64

22 signatures

150 seconds

Malware Config

Extracted

Family

bumblebee

rc4.plain

Extracted

Family

bumblebee

Botnet

zm21503

C2

194.135.33.90:443

45.66.248.64:443

107.189.1.219:443

rc4.plain

Targets

- Target
  
  ZoomInstallerFull.msi
- Size
  
  25.9MB
- MD5
  
  5a9faa14b60b9897d9b9d0939a9d8561
- SHA1
  
  0a78aefca1e07f4a71439e09d39585313fa7fa4e
- SHA256
  
  cba5b627d45e73a1e4385475f5f6f612422b0bcc4fdade032c37616b351a261a
- SHA512
  
  3e7feb3bb39dff3401997ef1f0d8a4b1b806cdecfa071970a8f54581cce19d38555271e06c38f5bf1862c136ae932bd04290ea3762f294307c17c5a979b9fa7b
- SSDEEP
  
  786432:YQrpQ7w8q9m0xOPhXvN2A2sAPk3W23hykV:YQr27l0UZ/NV0k3H3UC
Score

10^/10

discovery bumblebee zm21503 trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

bumblebeezm21503discoverytrojan

© 2018-2025

Terms | Privacy