bumblebee | 9e84ae14e226a5c9a3efd85d1b5df6869aab9245cddb4ae6eb81e943886253d6 | Triage

Sharing

General

Target

9e84ae14e226a5c9a3efd85d1b5df6869aab9245cddb4ae6eb81e943886253d6.dll
Size

1.0MB
Sample

230322-r6tggahd56
MD5

15fed1d31f4af4928e915b36f4baa88e
SHA1

32954f133e1713b18f45576dc3244bff47cc19cd
SHA256

9e84ae14e226a5c9a3efd85d1b5df6869aab9245cddb4ae6eb81e943886253d6
SHA512

15b19901f11f054db976f682e1fe8c84c4cea37ac36956e49844448649c7b73a86bdd2285881e0955af7c14418a45bb0febcaa5e04189c87f2196673671c51ef
SSDEEP

24576:meO5bAblScTMT7qZrP7A/lVXiZb0d9hMwPsmBcm8C:membTc8mZr7A7i90nh7Em1

Score

10^/10

bumblebee mvtm1703 trojan

Malware Config

Extracted

Family

bumblebee

Botnet

mvtm1703

C2

194.135.33.182:443

205.185.127.176:443

103.175.16.133:443

45.61.187.204:443

rc4.plain

Targets

- Target
  
  9e84ae14e226a5c9a3efd85d1b5df6869aab9245cddb4ae6eb81e943886253d6.dll
- Size
  
  1.0MB
- MD5
  
  15fed1d31f4af4928e915b36f4baa88e
- SHA1
  
  32954f133e1713b18f45576dc3244bff47cc19cd
- SHA256
  
  9e84ae14e226a5c9a3efd85d1b5df6869aab9245cddb4ae6eb81e943886253d6
- SHA512
  
  15b19901f11f054db976f682e1fe8c84c4cea37ac36956e49844448649c7b73a86bdd2285881e0955af7c14418a45bb0febcaa5e04189c87f2196673671c51ef
- SSDEEP
  
  24576:meO5bAblScTMT7qZrP7A/lVXiZb0d9hMwPsmBcm8C:membTc8mZr7A7i90nh7Em1
Score

10^/10

bumblebee mvtm1703 trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Blocklisted process makes network request
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

bumblebeemvtm1703trojan

behavioral2

bumblebeemvtm1703trojan